last executing test programs: 7.672271577s ago: executing program 1 (id=2066): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0x4000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) mmap(&(0x7f00000d5000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mlock(&(0x7f00001e9000/0x1000)=nil, 0x1000) fsopen(0x0, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_DROP_MASTER(r4, 0x641f) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r5, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000440)={r6, 0x0, 0x0, 0x0, 0x1, [], [0x0, 0xfffffffd], [], [0x0, 0x0, 0x2]}) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) r8 = epoll_create(0x3) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f00000000c0)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r7, 0x40046208, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3) r9 = dup(r2) write$uinput_user_dev(r9, &(0x7f0000001040)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4b], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcf]}, 0x45c) ioctl$UI_DEV_CREATE(r9, 0x5501) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2) 6.550688435s ago: executing program 2 (id=2070): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/udp6\x00') r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000180)=0xfffffff7, 0x4) bind$inet6(r1, &(0x7f0000000680)={0xa, 0x4e20, 0x0, @private0}, 0x1c) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f00000009c0)=0x8, 0x4) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c) preadv(r0, &(0x7f0000000280)=[{&(0x7f0000000380)=""/218, 0xda}], 0x1, 0x14a, 0x0) r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0xd7, 0x0) mmap$usbfs(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1000005, 0x13, r3, 0x20) mremap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil) 6.432188284s ago: executing program 2 (id=2071): r0 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x1) socket$netlink(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000040), &(0x7f0000000200)=0x4) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000280), 0x1e1982, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00a8a16000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180100001100000000000000000000001812", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r6}, 0x10) syz_clone3(&(0x7f00000006c0)={0x80014080, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r4, 0x40047451, &(0x7f0000000140)) ioctl$PPPIOCSFLAGS1(r4, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r4, &(0x7f00000001c0)=[{&(0x7f00000004c0)="00214717a70700000000030600710a5e31163ceb9d04712000000005000000182ce0ab6d000041a15be2d9d13cd1cb0c238e61cfd6a5d7cd0eaa50e027db032ddbfe85e53b87eb950a450000000000000000", 0x52}], 0x1, 0x0, 0x0) r7 = syz_io_uring_setup(0x3254, &(0x7f0000000100)={0x0, 0xae31, 0x10, 0x2000e00, 0x17b}, &(0x7f0000000000), &(0x7f0000000180)) syz_io_uring_setup(0x67fd, &(0x7f0000000380)={0x0, 0x3400, 0x200, 0x3, 0x4000022c, 0x0, r7}, 0x0, 0x0) io_uring_setup(0x4d63, &(0x7f0000000080)={0x0, 0x0, 0x800, 0xfffffffd, 0x52}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) syz_clone(0x8044000, &(0x7f0000000280)="66124f3c4f7f8cddc375eb556c6710", 0xf, 0x0, 0x0, 0x0) syz_clone(0x80082000, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r8, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}}) io_uring_enter(r0, 0x27e2, 0x0, 0x0, 0x0, 0x0) 6.317279873s ago: executing program 1 (id=2072): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="c0000000040a010300"], 0xc0}, 0x1, 0x0, 0x0, 0x4000000}, 0x40850) rt_sigprocmask(0x0, &(0x7f0000000000)={[0x35, 0x45]}, &(0x7f0000000080), 0x8) 6.242208492s ago: executing program 1 (id=2073): r0 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$inet_opts(r0, 0x0, 0x1a, 0x0, &(0x7f0000000200)) ioctl$FIONCLEX(r0, 0x5450) r1 = mq_open(&(0x7f000084dff0)='rmdF\x17\x16\xbc\xec', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000040)={0x0, 0x6, 0x101}) r2 = creat(&(0x7f0000001140)='./file0\x00', 0x104) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r2, 0xc080661a, &(0x7f0000001180)={@id={0x2, 0x0, @auto="a83c007a02ed16c21f1f20954989dc17"}}) ppoll(&(0x7f0000000100)=[{r1}], 0x1, 0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) mq_timedreceive(r1, &(0x7f0000000140)=""/4096, 0x1000, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb4, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r3}, @generic={0x69, 0x0, 0x0, 0xb9}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 5.35204785s ago: executing program 1 (id=2077): r0 = openat$adsp1(0xffffff9c, &(0x7f0000000100), 0x40, 0x0) r1 = openat$binfmt(0xffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_script(r1, &(0x7f0000000140)={'#! ', './file0', [], 0xa, "6d10460a12594f5a6c434b78409d69493569b231b89d71a08d21acba6935b6efe843f3b13e59a278088b7eafbb2274f56ce88b43b02fe602cafb832d896aafa78c95c0dc150df4889d60f9ab74d8fa584261e844e5b38bddab82a619336100a10d9aa18cfe3d5818aaa64cc2a4f928f03d9382289c22d4814fe1efeb50322629879a40870d7fda0fd33f80f4cd1d9802cb7f177f8afbbde6716f22407815ce7bd8aafd5613c8fd"}, 0xb2) ioctl$SNDCTL_DSP_CHANNELS(r0, 0x40045017, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x1) r2 = syz_open_dev$usbmon(0x0, 0x81, 0x101000) ioctl$AUTOFS_IOC_PROTOVER(r2, 0x9204, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000300)=0xfffd) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r5, &(0x7f0000000200)='V', 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) write$char_usb(r4, &(0x7f0000000200)='V', 0x1) write$char_usb(r3, &(0x7f0000000000)='8', 0x1) 5.042199625s ago: executing program 2 (id=2079): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100"], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x100, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x3a) unshare(0x2040400) r3 = dup(r2) bind$unix(r3, &(0x7f00000001c0)=@abs={0x0, 0x2}, 0x6e) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r5, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9) 2.412232202s ago: executing program 0 (id=2095): r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r0, &(0x7f0000000000), 0x12) write(r0, 0x0, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x8, 0x0, 0x2}}}}}}, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000880)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010448", 0x20, 0x3a, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0) 2.312109963s ago: executing program 0 (id=2096): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) (async) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x6}) (async) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x6}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000540)={0x0, &(0x7f0000000540)}) socket$unix(0x1, 0x5, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x200) syz_io_uring_setup(0x2239, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x0, 0x0) pipe2$9p(&(0x7f0000000cc0), 0x0) (async) pipe2$9p(&(0x7f0000000cc0), 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES64=r3, @ANYBLOB=',wfdno=', @ANYRESDEC=r1]) (async) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES64=r3, @ANYBLOB=',wfdno=', @ANYRESDEC=r1]) r4 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) (async) ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x6, 0x4d, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "5161dc20", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) (async) r5 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000340)={"6d71f879", 0x0, 0x0, 0x0, 0x0, 0x0, "244a18d1c4e6469a005caf0c0ff58a", "ce4250d8", "bf513d1d", "136712b9", ["27e203a56a36ac4f0b8b8c4f", "5e10229555954b0f02cd1469", "cb0e83d3a15978155c384d00", "79f56ca74227234da829edb7"]}) syz_emit_ethernet(0x4e, &(0x7f0000000740)=ANY=[], 0x0) syz_emit_ethernet(0x9a, &(0x7f00000003c0)=ANY=[@ANYBLOB="b9fbb4af4e53ffffffffffff88470000000000000000000000000000000000000000603214350050000020010000000000000000000000000001ff0100000000000000000000000000010006000000000000fe8000000000000000000000000000aafc000000000000000000000000000001fc000000000000000000000000000000af00fac47a56b1d8dbd9c704d6d33910fdbccc263cc93e9d265e549f821f27db7f2748a79ebe0c88d39556a0a37e6f906b66761c25abf453adb30068aa55cbab418e2a31daaf986dcc0f1b6fab9f872bc129e54eb4f5f1b62de6ec984c118656e967f9e4242eec6088c2351e97552d3287174a2ce4f7cd3eef0132dd5c752f7ff86c9b8e2f580c5a688f219636a788f747fa5d924de3f232cbc7b4dfd7ff4d2f461e2bb4b519a59cf6195576f57e"], 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000500), r2) sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f00000006c0)=ANY=[@ANYRES8=r2, @ANYRESOCT=r2, @ANYBLOB="00022abd7000ffdbdf250700000048000280060002004e200000080007000500000014000100ff01000000000000000000000000000105000d000100000005000d000100000008000800000000800800070000000100"], 0x5c}, 0x1, 0x0, 0x0, 0x20008010}, 0x4) (async) sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000680)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f00000006c0)=ANY=[@ANYRES8=r2, @ANYRESOCT=r2, @ANYBLOB="00022abd7000ffdbdf250700000048000280060002004e200000080007000500000014000100ff01000000000000000000000000000105000d000100000005000d000100000008000800000000800800070000000100"], 0x5c}, 0x1, 0x0, 0x0, 0x20008010}, 0x4) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000040)) (async) ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_PIT(r7, 0x8048ae66, &(0x7f0000000080)={[{0x5}]}) 1.921814345s ago: executing program 3 (id=2097): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r1, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x902}, 0xe) write$binfmt_script(r1, &(0x7f0000000200), 0xfffffdef) r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r2, 0x402, 0x8000003d) fcntl$setsig(r2, 0xa, 0x21) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6}]}) close_range(r3, 0xffffffffffffffff, 0x0) sendmmsg$sock(r1, &(0x7f0000002200)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4050) r4 = socket$vsock_stream(0x28, 0x1, 0x0) getsockname(r4, &(0x7f00000014c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001540)=0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) r6 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r9, &(0x7f00000001c0)=ANY=[@ANYBLOB='-'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r9, 0x0) syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r6, 0x2d3e, 0x0, 0x0, 0x0, 0x0) unshare(0x20000400) signalfd4(r0, &(0x7f0000000140), 0x8, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) msync(&(0x7f00005da000/0x3000)=nil, 0x3000, 0x0) r10 = socket(0x848000000015, 0x805, 0x0) connect$inet6(r10, &(0x7f0000000240)={0xa, 0x0, 0xfffffffc, @remote, 0xf4}, 0x1c) bind$inet6(r10, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}, 0x10}, 0x1c) 1.731277734s ago: executing program 1 (id=2098): r0 = socket$netlink(0x10, 0x3, 0xa) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}}, 0x18) sendmmsg(r1, &(0x7f0000008940)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000880)=@l2={0x1f, 0x8000, @none, 0x8}, 0x80, 0x0}}], 0x2, 0x0) openat$kvm(0xffffff9c, &(0x7f0000000080), 0x155003, 0x0) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="28000000030605000000797a32002de252e7f900000005000100070000000000200000000000000006ed0000c0edff225d7d17abd40a088dd14611b369d2d1adfd453a59b29558a3ac4cacdc838e73dc72fb2a7419404e7cbf5e35c3b6421954a231c8157a"], 0x28}}, 0x0) 1.72948075s ago: executing program 1 (id=2099): open(0x0, 0x0, 0x0) (async) open(0x0, 0x0, 0x0) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000640), 0x4) (async) setsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, &(0x7f0000000640), 0x4) getsockopt$WPAN_SECURITY_LEVEL(r0, 0x0, 0x2, 0x0, &(0x7f00000000c0)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bind$alg(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) (async) bind$alg(0xffffffffffffffff, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = gettid() process_vm_writev(r2, 0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) userfaultfd(0x80001) (async) r3 = userfaultfd(0x80001) fcntl$dupfd(r3, 0x0, r3) (async) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$UFFDIO_ZEROPAGE(r4, 0xc018aa06, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getpid() r5 = socket$kcm(0x29, 0x2, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r5, 0x119, 0x1, 0x0, 0x0) r6 = socket$inet(0x2, 0x2, 0x0) shutdown(r6, 0x0) (async) shutdown(r6, 0x0) recvmmsg(r6, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 1.65931901s ago: executing program 2 (id=2100): pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="040e0501460c1f00c7f641737da8c5df97e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29139dedf9d61d113d31eeef342c9d"], 0x8) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x1}], 0x1, 0x0, 0x0, 0x4000080}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000180)) r1 = socket$inet_smc(0x2b, 0x1, 0x0) getpeername$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @empty}, &(0x7f0000000100)=0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x5f) connect$inet(r1, &(0x7f0000000640)={0x2, 0x2, @local}, 0x10) setsockopt$sock_int(r1, 0x1, 0x26, &(0x7f0000000080)=0x55, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000340), 0x4) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket(0x2, 0x80805, 0x0) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000280)=0x1, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(r2, 0x0, 0x48c, &(0x7f00000001c0)={0x2, 'veth1_to_bridge\x00'}, 0x18) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000140)={r4, 0xa2ee, 0x6}, 0x8) 1.601500814s ago: executing program 3 (id=2101): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x3e0}) syz_emit_ethernet(0x32, &(0x7f00000002c0)={@multicast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x17c1, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d482449a"}}}}}}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) r1 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_USER_TTY(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="00010000640410002abd7000fedbdf259281c2b7ce9ed25575bd4d9904f2cfb50bfe1c287fd7c64216041093f7ba910d35be3b5106d71880406f4eceb6d9eac853672fb021bda21dc74e5864579bf95cbb7c5d28926cdb825918b4be251543772b83c260f294d61a857c941ebf72ba12cd05f9d2e1c230e9bdb0024331f91826cf5a5f1d637a822ccc0b4a2511a07441293031160e013af3247f3e4d62ed87a268e6599639955499c72f0aa74799d196e454f8efc8babfa58bc8390602a4aca152ed56733f3c30c52e7d620ab4283282804cd30405c86ce71b68a7dd0422401afcf8a85045077eda230c9bf2a5d84518d52c8e4104496297790e1ba898f24400"], 0x100}, 0x1, 0x0, 0x0, 0x4c850}, 0x40044) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f00002d7000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000400)={&(0x7f0000b36000/0x12000)=nil, &(0x7f0000841000/0x4000)=nil, 0x12000}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r2, 0x89fc, &(0x7f0000000040)={'bond0\x00', &(0x7f0000001f00)=@ethtool_ringparam}) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x1}) syz_io_uring_setup(0x6866, &(0x7f00000003c0)={0x0, 0x0, 0x4}, &(0x7f0000000440), &(0x7f0000000480)) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSETMODE(r3, 0x4b3a, 0x1) ioctl$TCXONC(r3, 0x4b3a, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d80)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) 1.552164107s ago: executing program 2 (id=2102): syz_usb_disconnect(0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x200, 0xa, 0x2}) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r2, 0xc0585609, &(0x7f0000000040)={0x0, 0xa}) socket$inet6_udp(0xa, 0x2, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000050cb5340450c10108e492940a80909021b00090000000009040002010035040009058dff86"], 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r3, 0x0, 0x0) 1.491883212s ago: executing program 3 (id=2103): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f0000000700)=@filter={'filter\x00', 0xe, 0x4, 0x0, 0xffffffff, 0x128, 0x94, 0x0, 0xffffffff, 0xffffffff, 0x1bc, 0x1bc, 0x1bc, 0xffffffff, 0x4, &(0x7f0000000000), {[{{}, @REJECT={0x0, 'REJECT\x00', 0x0, {0x7}}}, {{}, @common=@unspec=@STANDARD={0x0, '\x00', 0x0, 0x94}}, {{@ip={@rand_addr, @rand_addr, 0x0, 0x0, '\x00', '\x00', {}, {0xff}}}, @common=@unspec=@STANDARD={0x0, '\x00', 0x0, 0x128}}]}}, 0xfea1) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000100)={0xa, 0x4}) bind$tipc(r0, &(0x7f0000000000)=@id={0x1e, 0x3, 0x2, {0x4e24}}, 0x10) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000006800010000000000000000000a0000000000000018000880140001000000000000000000000004000000000008000500", @ANYRES32=r7, @ANYBLOB="060006"], 0x40}}, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000003c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f00000006c0)={0x0, 0x0, r9, r10, 0x3, 0x1, 0x80000001, 0x5, {0x4, 0xfff8, 0xfffb, 0x7ff, 0x68, 0xaa, 0x73b6, 0xed, 0x30, 0x4, 0x4, 0x6, 0x9, 0x0, "edf3b72a39fd20b05c922adceb40713de676294e90578c2051c49f221ac766fc"}}) bind$tipc(r0, 0x0, 0x0) execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000000300)={[&(0x7f00000000c0)='-\x00', &(0x7f0000000180)='/dev/dri/card#\x00', &(0x7f00000001c0)='))\x00', &(0x7f0000000240)=']%/*^\x00', &(0x7f0000000280)='/dev/dri/card#\x00', &(0x7f00000002c0)='.,\x00']}, &(0x7f0000000400)={[&(0x7f0000000340)='/dev/dri/card#\x00', &(0x7f0000000380)='-\x00']}) 1.39219647s ago: executing program 0 (id=2104): r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00006d8000/0x3000)=nil, 0x3000}, 0x5}) ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000080)={&(0x7f0000c07000/0x3000)=nil, &(0x7f0000508000/0x4000)=nil, 0x3000, 0x2, 0x500000000000000}) 1.292157663s ago: executing program 3 (id=2105): r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r4) r5 = syz_init_net_socket$ax25(0x3, 0x5, 0xca) setsockopt$ax25_int(r5, 0x101, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmmsg$inet6(r1, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000dc0)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r4, &(0x7f0000000340)={0x0, 0x2f, &(0x7f0000000000)={0x0}}, 0x0) 1.133627303s ago: executing program 3 (id=2106): r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e23, 0x0, @empty}, 0x1c) listen(r0, 0x400000001ffffffd) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r2) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xca) setsockopt$ax25_int(r3, 0x101, 0x2, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) sendmmsg$inet6(r1, &(0x7f0000000f80)=[{{0x0, 0x0, &(0x7f0000000dc0)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000000340)={0x0, 0x2f, &(0x7f0000000000)={0x0, 0x1f00}}, 0x0) 1.133451939s ago: executing program 0 (id=2107): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000580)) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x10040, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 1.131343841s ago: executing program 3 (id=2108): syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100"], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x100, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) syz_open_dev$char_usb(0xc, 0xb4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x3a) unshare(0x2040400) r3 = dup(r2) bind$unix(r3, &(0x7f00000001c0)=@abs={0x0, 0x2}, 0x6e) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400ffd9b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r5, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9) 1.001885462s ago: executing program 0 (id=2109): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000002700)={0xa, 0x0, 0xffffffff, @mcast2, 0xffff, 0x4}, 0x20) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) modify_ldt$write(0x1, &(0x7f0000000500)={0x38, 0x0, 0x600}, 0x10) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000340)={0x0, r2}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13e, 0x0, 0xd6e}}) ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x101}}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x3000}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000e00)={0x1, 0x0, [{0x0, 0xdf, &(0x7f0000000c00)=""/223}]}) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r5 = syz_open_dev$MSR(&(0x7f0000000500), 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x300) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYRES8=r0]) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = syz_open_dev$hiddev(&(0x7f00000001c0), 0x7f, 0x200000) ioctl$HIDIOCGCOLLECTIONINFO(r7, 0xc0104811, &(0x7f0000000200)={0x7fff, 0x2c0, 0x5, 0x80}) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="580000001000010400002000000000000000", @ANYRES32=0x0, @ANYBLOB="2b12020000000000280012800b00010067656e657665000018000280060005004e20000004000600050008"], 0x58}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x80000011, 0x0, 0x1, 0x0) 295.721µs ago: executing program 0 (id=2110): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1210020, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) userfaultfd(0x80001) r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x14c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_STAB={0xb, 0x2, "1c7ee24c1ef4eeec0c9d75671ec39fd93fc6ecc9d90084b187440a4ddaa0170dc60d2677a64601b4e4bec6aa0e86d3d882431c6b788d06e2cd3c1e441e25c204f8e76fdf0d524b62fa814d35b8be32a01ff74fdc11cfcb452213818f4633a053f2821899cae313e988998c938f35eeacae45df65827a0ff527ac6be599fba9c504ccd5e9c74a325f066f720554da982022a1d7f78ad7a3a00bd0d8baa6b37037f3fc77ff03c6bc620976124fb6dbf734b0d7e1233f7f727cfa07aac465d9964781e398d005ea6c3f1b340a654d7a6fcff969d5fdf7b7d51945e95afed9497f453754dbb6a7fe2a11dc811caf76d68fcb6b06e24ecdea018cb9168460b6f61f8a"}, @TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0xff}}]}}]}, 0x14c}}, 0x0) memfd_secret(0x0) 0s ago: executing program 2 (id=2111): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r2 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000100)=0x14) listen(r1, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r3, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) shutdown(r5, 0x0) r6 = dup3(r5, r4, 0x0) recvmmsg(r6, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}], 0xf00, 0xf0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r8, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) kernel console output (not intermixed with test programs): my_hcd [ 348.721470][ T8872] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 348.724484][ T8872] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 348.728434][ T8872] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 348.730954][ T8872] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 348.733250][ T8872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.762889][ T8872] hub 6-1:1.0: bad descriptor, ignoring hub [ 348.764682][ T8872] hub 6-1:1.0: probe with driver hub failed with error -5 [ 348.770674][ T8872] cdc_wdm 6-1:1.0: skipping garbage [ 348.772059][ T8872] cdc_wdm 6-1:1.0: skipping garbage [ 348.773477][ T8872] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 349.416798][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1738'. [ 350.166753][ T69] usb 6-1: USB disconnect, device number 25 [ 350.317059][ T35] usb 8-1: new low-speed USB device number 21 using dummy_hcd [ 350.446389][ T69] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 350.469107][ T35] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 350.472774][ T35] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 350.476469][ T35] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 8 [ 350.480406][ T35] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 350.483667][ T35] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.494532][T11680] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 350.498605][ T35] hub 8-1:1.0: bad descriptor, ignoring hub [ 350.500795][ T35] hub 8-1:1.0: probe with driver hub failed with error -5 [ 350.504339][ T35] cdc_wdm 8-1:1.0: skipping garbage [ 350.511391][ T35] cdc_wdm 8-1:1.0: skipping garbage [ 350.514063][ T35] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 350.516594][ T35] cdc_wdm 8-1:1.0: Unknown control protocol [ 350.607338][ T69] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 350.610114][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.612420][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.615215][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.618167][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.620466][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.623249][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.637143][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.639707][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.642484][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.648989][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.651297][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.654079][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.656764][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.659072][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.661849][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.668191][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.670506][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.673294][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.675730][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.678629][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.681420][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.683785][ T69] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 350.686056][ T69] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 350.696393][ T69] usb 6-1: config 0 interface 0 has no altsetting 0 [ 350.699849][ T69] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 350.702172][ T69] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 350.704302][ T69] usb 6-1: Product: syz [ 350.705395][ T69] usb 6-1: Manufacturer: syz [ 350.706718][ T69] usb 6-1: SerialNumber: syz [ 350.708747][ T69] usb 6-1: config 0 descriptor?? [ 350.788545][ T69] yurex 6-1:0.0: USB YUREX device now attached to Yurex #1 [ 351.336852][ T69] usb 6-1: USB disconnect, device number 26 [ 351.339364][ T69] yurex 6-1:0.0: USB YUREX #1 now disconnected [ 351.866483][ T5690] usb 8-1: USB disconnect, device number 21 [ 352.559617][T11703] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1753'. [ 352.756440][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 352.760938][T11709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.802897][T11709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 352.855416][T11710] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1747'. [ 352.868221][T11709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 353.296420][ T1446] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 353.466823][ T1446] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 353.469573][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.471871][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.474681][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.482067][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.485016][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.496269][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.511065][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.514183][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.519076][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.528460][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.530758][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.533547][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.535976][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.558255][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.561066][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.563560][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.565866][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.568690][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.571587][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.573908][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.576962][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.579410][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 353.581716][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 353.584464][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 353.604454][ T1446] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 353.606931][ T1446] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 353.609114][ T1446] usb 6-1: Product: syz [ 353.610211][ T1446] usb 6-1: Manufacturer: syz [ 353.611422][ T1446] usb 6-1: SerialNumber: syz [ 353.621256][ T1446] usb 6-1: config 0 descriptor?? [ 353.628760][ T1446] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 353.938797][T11727] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1754'. [ 354.282447][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 354.285371][T11732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.314094][T11732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 354.373746][T11732] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 355.957702][ C2] usb 6-1: yurex_control_callback - control failed: -2 [ 355.982543][ T5690] usb 6-1: USB disconnect, device number 27 [ 355.987798][ T5690] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 357.324537][T11784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1766'. [ 357.367219][T11785] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1764'. [ 357.871808][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 357.873122][T11798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 358.291086][T11798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 358.354947][T11798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 360.147007][T11836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 360.178781][T11836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 360.536575][T11839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.293098][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 361.296514][T11851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.305273][T11851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.366709][T11851] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.522618][T11852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1780'. [ 361.783169][ T64] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 361.788826][T11860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.803408][T11860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 361.876831][T11860] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 362.323847][T11869] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1785'. [ 364.151988][T11904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.177116][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 364.243849][T11904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.313254][ T64] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 364.314454][T11908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.320495][T11909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.329073][T11908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.383636][T11908] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 364.488883][T11913] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1795'. [ 364.491850][T11913] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1795'. [ 365.682192][T11919] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1796'. [ 365.871909][T11922] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1797'. [ 365.916339][T11922] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1797'. [ 365.995126][ T64] Bluetooth: hci3: unexpected event 0x0f length: 70 > 4 [ 365.995152][ T64] Bluetooth: hci3: unexpected event for opcode 0x080b [ 366.326307][ T6432] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 366.487510][ T6432] usb 8-1: config 0 has no interfaces? [ 366.489028][ T6432] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 366.491379][ T6432] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.496763][ T6432] usb 8-1: config 0 descriptor?? [ 366.706563][T11926] netlink: 'syz.3.1799': attribute type 4 has an invalid length. [ 366.722755][T11926] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1799'. [ 366.804545][T11926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.810652][T11926] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.835827][ T979] usb 8-1: USB disconnect, device number 22 [ 367.501359][T11944] devtmpfs: Too few inodes for current use [ 367.517282][T11944] binder: 11942:11944 ioctl c0306201 20000680 returned -14 [ 367.520772][T11944] binder: 11942:11944 ioctl c04c560f 200006c0 returned -22 [ 367.529132][T11944] binder: 11942:11944 ioctl ae41 2 returned -22 [ 367.628714][T11950] input: syz1 as /devices/virtual/input/input15 [ 367.677428][T11953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.696492][T11953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.738942][ T5690] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 367.741440][ T5690] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 367.744630][ T161] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 367.750664][ T161] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 367.756655][ T161] wlan1: authentication with 08:02:11:00:00:00 timed out [ 367.757271][T11953] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.770267][T11958] FAULT_INJECTION: forcing a failure. [ 367.770267][T11958] name failslab, interval 1, probability 0, space 0, times 1 [ 367.773737][T11958] CPU: 3 UID: 0 PID: 11958 Comm: syz.1.1808 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 367.776554][T11958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 367.779325][T11958] Call Trace: [ 367.780215][T11958] [ 367.781013][T11958] dump_stack_lvl+0x16c/0x1f0 [ 367.782282][T11958] should_fail_ex+0x497/0x5b0 [ 367.783568][T11958] ? fs_reclaim_acquire+0xae/0x160 [ 367.784929][T11958] should_failslab+0xc2/0x120 [ 367.786176][T11958] __kmalloc_node_noprof+0xd1/0x440 [ 367.787723][T11958] ? __kvmalloc_node_noprof+0xad/0x1a0 [ 367.789182][T11958] __kvmalloc_node_noprof+0xad/0x1a0 [ 367.790575][T11958] bpf_test_run_xdp_live+0x140/0x500 [ 367.792096][T11958] ? __pfx_bpf_test_run_xdp_live+0x10/0x10 [ 367.793665][T11958] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 367.795237][T11958] ? __pfx_xdp_test_run_init_page+0x10/0x10 [ 367.796817][T11958] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 367.798367][T11958] ? 0xffffffffa0004340 [ 367.799469][T11958] ? 0xffffffffa0004340 [ 367.800572][T11958] ? 0xffffffffa0004340 [ 367.801683][T11958] ? bpf_dispatcher_change_prog+0x54d/0xa80 [ 367.803245][T11958] bpf_prog_test_run_xdp+0x827/0x1580 [ 367.804661][T11958] ? lock_acquire+0x2f/0xb0 [ 367.805891][T11958] ? __fget_files+0x40/0x3f0 [ 367.807473][T11958] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 367.809099][T11958] ? fput+0x30/0x390 [ 367.810137][T11958] ? __bpf_prog_get+0xa0/0x290 [ 367.811384][T11958] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 367.812812][T11958] __sys_bpf+0x1921/0x5780 [ 367.813908][T11958] ? map_id_up+0x290/0x370 [ 367.815086][T11958] ? __pfx___sys_bpf+0x10/0x10 [ 367.816366][T11958] ? lock_acquire.part.0+0x11b/0x380 [ 367.817735][T11958] ? find_held_lock+0x2d/0x110 [ 367.818983][T11958] ? bpf_trace_run2+0x266/0x590 [ 367.820229][T11958] ? __pfx_lock_release+0x10/0x10 [ 367.821538][T11958] ? __pfx_bpf_trace_run2+0x10/0x10 [ 367.822870][T11958] ? fput+0x30/0x390 [ 367.823865][T11958] ? __pfx_ksys_write+0x10/0x10 [ 367.825058][T11958] __ia32_sys_bpf+0x76/0xe0 [ 367.826233][T11958] __do_fast_syscall_32+0x73/0x120 [ 367.827481][T11958] do_fast_syscall_32+0x32/0x80 [ 367.828679][T11958] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 367.830269][T11958] RIP: 0023:0xf7f9f579 [ 367.831290][T11958] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 367.836109][T11958] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 367.838205][T11958] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600 [ 367.840183][T11958] RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000 [ 367.842127][T11958] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 367.844049][T11958] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 367.845976][T11958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 367.847966][T11958] [ 367.967801][T11962] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1809'. [ 367.970357][T11962] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1809'. [ 368.566801][T11969] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1811'. [ 368.576454][T11969] NCSI netlink: No device for ifindex 0 [ 369.037152][T11977] fuse: Unknown parameter 'rooômode000002BÚ×}£' [ 369.335161][T11982] ======================================================= [ 369.335161][T11982] WARNING: The mand mount option has been deprecated and [ 369.335161][T11982] and is ignored by this kernel. Remove the mand [ 369.335161][T11982] option from the mount to silence this warning. [ 369.335161][T11982] ======================================================= [ 370.300866][T11999] sp0: Synchronizing with TNC [ 370.422125][ C2] TCP: request_sock_TCP: Possible SYN flooding on port [::ffff:0.0.0.0]:20002. Sending cookies. [ 370.619488][T12007] netlink: 'syz.2.1820': attribute type 11 has an invalid length. [ 370.622733][T12007] netlink: 211132 bytes leftover after parsing attributes in process `syz.2.1820'. [ 370.740210][ T64] Bluetooth: hci3: SCO packet for unknown connection handle 201 [ 370.837947][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 370.844832][T12017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 370.869244][T12017] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 370.926797][T12018] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 372.093390][T12031] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1825'. [ 372.429253][T12038] input input16: cannot allocate more than FF_MAX_EFFECTS effects [ 372.761299][T12040] [U]  [ 372.764153][T12046] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1827'. [ 372.786311][ T39] audit: type=1804 audit(1728127042.553:697): pid=12045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1828" name="/newroot/439/file1" dev="fuse" ino=1 res=1 errno=0 [ 372.791699][ T39] audit: type=1800 audit(1728127042.553:698): pid=12045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1828" name="/" dev="fuse" ino=1 res=0 errno=0 [ 372.797071][ T39] audit: type=1804 audit(1728127042.553:699): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1828" name="/newroot/439/file1" dev="fuse" ino=1 res=1 errno=0 [ 372.808734][ T39] audit: type=1804 audit(1728127042.553:700): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1828" name="/newroot/439/file1" dev="fuse" ino=1 res=1 errno=0 [ 372.824232][ T39] audit: type=1800 audit(1728127042.553:701): pid=12041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1828" name="/" dev="fuse" ino=1 res=0 errno=0 [ 372.971786][T12049] sp0: Synchronizing with TNC [ 373.066626][T12052] block device autoloading is deprecated and will be removed. [ 373.160274][T12052] ptrace attach of "/syz-executor exec"[6820] was attempted by "/syz-executor exec"[12052] [ 373.297957][ T39] audit: type=1326 audit(1728127043.093:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12060 comm="syz.0.1832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 373.303248][ T39] audit: type=1326 audit(1728127043.093:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12060 comm="syz.0.1832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 373.309019][ T39] audit: type=1326 audit(1728127043.093:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12060 comm="syz.0.1832" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 373.314242][ T39] audit: type=1326 audit(1728127043.093:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12060 comm="syz.0.1832" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 373.320100][ T39] audit: type=1326 audit(1728127043.093:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12060 comm="syz.0.1832" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 373.342855][T12059] input: syz1 as /devices/virtual/input/input17 [ 373.485451][T12064] block device autoloading is deprecated and will be removed. [ 373.796330][ T1990] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 373.880286][T12069] Invalid ELF header magic: != ELF [ 373.883309][T12069] evm: overlay not supported [ 373.887641][T12069] IPv6: sit1: Disabled Multicast RS [ 373.889316][T12069] sit1: entered allmulticast mode [ 373.972719][ T1990] usb 7-1: config 0 has no interfaces? [ 373.974204][ T1990] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 373.976671][ T1990] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.983460][ T1990] usb 7-1: config 0 descriptor?? [ 374.202947][T12066] netlink: 'syz.2.1834': attribute type 4 has an invalid length. [ 374.218223][T12066] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1834'. [ 374.252038][T12066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.259083][T12066] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.270099][ T979] usb 7-1: USB disconnect, device number 20 [ 374.298776][T12078] Non-string source [ 375.012266][T12096] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1840'. [ 375.643697][T12100] ptrace attach of "/syz-executor exec"[5347] was attempted by "/syz-executor exec"[12100] [ 375.860350][T12114] Invalid ELF header magic: != ELF [ 375.863795][T12114] IPv6: sit1: Disabled Multicast RS [ 375.865367][T12114] sit1: entered allmulticast mode [ 375.942868][T12116] overlayfs: missing 'lowerdir' [ 377.887226][ T1373] ieee802154 phy0 wpan0: encryption failed: -22 [ 377.889481][ T1373] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.229465][T12155] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1858'. [ 378.234957][ T64] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 378.428205][T12164] bridge: RTM_NEWNEIGH with invalid ether address [ 380.620130][T12205] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1872'. [ 380.651791][T12210] FAULT_INJECTION: forcing a failure. [ 380.651791][T12210] name failslab, interval 1, probability 0, space 0, times 0 [ 380.655246][T12210] CPU: 3 UID: 0 PID: 12210 Comm: syz.3.1873 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 380.658019][T12210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 380.660766][T12210] Call Trace: [ 380.661635][T12210] [ 380.662403][T12210] dump_stack_lvl+0x16c/0x1f0 [ 380.663634][T12210] should_fail_ex+0x497/0x5b0 [ 380.664873][T12210] ? fs_reclaim_acquire+0xae/0x160 [ 380.666198][T12210] should_failslab+0xc2/0x120 [ 380.667421][T12210] kmem_cache_alloc_node_noprof+0x71/0x310 [ 380.668947][T12210] ? __alloc_skb+0x2b3/0x380 [ 380.670153][T12210] __alloc_skb+0x2b3/0x380 [ 380.671317][T12210] ? __pfx___alloc_skb+0x10/0x10 [ 380.672612][T12210] ? l2tp_ip_sendmsg+0x2e/0x14e0 [ 380.673902][T12210] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 380.675292][T12210] ? mark_held_locks+0x9f/0xe0 [ 380.676561][T12210] sock_wmalloc+0xd4/0x120 [ 380.677728][T12210] l2tp_ip_sendmsg+0x1ae/0x14e0 [ 380.678998][T12210] ? __import_iovec+0x1fd/0x6e0 [ 380.680262][T12210] ? __pfx_l2tp_ip_sendmsg+0x10/0x10 [ 380.681645][T12210] inet_sendmsg+0x119/0x140 [ 380.682834][T12210] ____sys_sendmsg+0x907/0xb40 [ 380.684086][T12210] ? __pfx_____sys_sendmsg+0x10/0x10 [ 380.685461][T12210] ? get_compat_msghdr+0x11b/0x170 [ 380.686794][T12210] ? __pfx___lock_acquire+0x10/0x10 [ 380.688149][T12210] ___sys_sendmsg+0x135/0x1e0 [ 380.689384][T12210] ? __pfx____sys_sendmsg+0x10/0x10 [ 380.690753][T12210] ? lock_acquire+0x2f/0xb0 [ 380.691935][T12210] ? __fget_files+0x40/0x3f0 [ 380.693149][T12210] ? __pfx___might_resched+0x10/0x10 [ 380.694521][T12210] ? fdget+0x176/0x210 [ 380.695585][T12210] __sys_sendmmsg+0x2a5/0x450 [ 380.696830][T12210] ? __pfx___sys_sendmmsg+0x10/0x10 [ 380.698176][T12210] ? vfs_write+0x14d/0x1140 [ 380.699362][T12210] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 380.700929][T12210] ? fput+0x30/0x390 [ 380.701956][T12210] ? ksys_write+0x1ad/0x260 [ 380.703136][T12210] ? __pfx_ksys_write+0x10/0x10 [ 380.704362][T12210] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 380.705816][T12210] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 380.707509][T12210] __do_fast_syscall_32+0x73/0x120 [ 380.708855][T12210] do_fast_syscall_32+0x32/0x80 [ 380.710121][T12210] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 380.711770][T12210] RIP: 0023:0xf748e579 [ 380.712840][T12210] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 380.717809][T12210] RSP: 002b:00000000f575556c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 380.719956][T12210] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000900 [ 380.722016][T12210] RDX: 00000000040000cf RSI: 0000000000000000 RDI: 0000000000000000 [ 380.724068][T12210] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 380.726111][T12210] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 380.728149][T12210] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 380.730395][T12210] [ 380.787782][T12213] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 380.793191][T12213] batadv_slave_0: entered promiscuous mode [ 380.801321][T12213] FAULT_INJECTION: forcing a failure. [ 380.801321][T12213] name failslab, interval 1, probability 0, space 0, times 0 [ 380.806273][T12213] CPU: 1 UID: 0 PID: 12213 Comm: syz.2.1875 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 380.810134][T12213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 380.813999][T12213] Call Trace: [ 380.815219][T12213] [ 380.816354][T12213] dump_stack_lvl+0x16c/0x1f0 [ 380.818138][T12213] should_fail_ex+0x497/0x5b0 [ 380.819621][T12213] ? rt6_flush_exceptions+0x6a/0x80 [ 380.820986][T12213] should_failslab+0xc2/0x120 [ 380.822222][T12213] kmem_cache_alloc_node_noprof+0x71/0x310 [ 380.823740][T12213] ? __alloc_skb+0x2b3/0x380 [ 380.824960][T12213] __alloc_skb+0x2b3/0x380 [ 380.826119][T12213] ? __pfx___alloc_skb+0x10/0x10 [ 380.827432][T12213] ? rt6_nlmsg_size+0xb2/0x300 [ 380.828678][T12213] ? __pfx_rt6_nlmsg_size+0x10/0x10 [ 380.830428][T12213] inet6_rt_notify+0xf0/0x2c0 [ 380.832120][T12213] fib6_del+0xf5c/0x1790 [ 380.833695][T12213] ? __pfx_fib6_del+0x10/0x10 [ 380.835451][T12213] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 380.837665][T12213] ? fib6_ifdown+0xcd/0x8f0 [ 380.839353][T12213] fib6_clean_node+0x426/0x5b0 [ 380.841128][T12213] ? __pfx_fib6_clean_node+0x10/0x10 [ 380.843064][T12213] ? fib6_walk+0x17a/0x370 [ 380.844728][T12213] ? __pfx_lock_release+0x10/0x10 [ 380.846588][T12213] fib6_walk_continue+0x44f/0x8d0 [ 380.848450][T12213] fib6_walk+0x182/0x370 [ 380.850026][T12213] ? __pfx_fib6_ifdown+0x10/0x10 [ 380.851846][T12213] fib6_clean_tree+0xd7/0x120 [ 380.853620][T12213] ? __pfx_fib6_clean_tree+0x10/0x10 [ 380.855597][T12213] ? __pfx_fib6_clean_node+0x10/0x10 [ 380.857597][T12213] ? __pfx_fib6_ifdown+0x10/0x10 [ 380.859430][T12213] ? lock_acquire+0x2f/0xb0 [ 380.861141][T12213] ? __fib6_clean_all+0xe5/0x2d0 [ 380.862999][T12213] ? __pfx_fib6_ifdown+0x10/0x10 [ 380.864852][T12213] __fib6_clean_all+0x100/0x2d0 [ 380.866785][T12213] rt6_disable_ip+0x2ef/0x940 [ 380.868642][T12213] ? find_held_lock+0x2d/0x110 [ 380.869993][T12213] ? __pfx_rt6_disable_ip+0x10/0x10 [ 380.871319][T12213] ? __pfx_lock_release+0x10/0x10 [ 380.872624][T12213] addrconf_ifdown.isra.0+0x126/0x1a20 [ 380.874053][T12213] ? __mutex_unlock_slowpath+0x164/0x650 [ 380.875528][T12213] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 380.877088][T12213] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 380.878654][T12213] ? tls_dev_event+0xfe/0x1100 [ 380.880386][T12213] addrconf_notify+0x220/0x19c0 [ 380.882227][T12213] ? ip6mr_device_event+0x1bc/0x230 [ 380.884191][T12213] notifier_call_chain+0xb9/0x410 [ 380.886079][T12213] ? __pfx_addrconf_notify+0x10/0x10 [ 380.888065][T12213] call_netdevice_notifiers_info+0xbe/0x140 [ 380.890189][T12213] __dev_notify_flags+0x1f9/0x2e0 [ 380.891990][T12213] ? __pfx___dev_notify_flags+0x10/0x10 [ 380.893999][T12213] ? __pfx___dev_change_flags+0x10/0x10 [ 380.895984][T12213] ? __pfx___lock_acquire+0x10/0x10 [ 380.897922][T12213] dev_change_flags+0x10c/0x160 [ 380.899713][T12213] do_setlink+0x19dd/0x3ee0 [ 380.901441][T12213] ? is_bpf_text_address+0x8a/0x1a0 [ 380.903377][T12213] ? __pfx_lock_release+0x10/0x10 [ 380.905257][T12213] ? trace_lock_acquire+0x14a/0x1d0 [ 380.907186][T12213] ? __pfx_do_setlink+0x10/0x10 [ 380.909003][T12213] ? lock_acquire+0x2f/0xb0 [ 380.910818][T12213] ? is_bpf_text_address+0x30/0x1a0 [ 380.912724][T12213] ? bpf_ksym_find+0x124/0x1c0 [ 380.913978][T12213] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 380.915505][T12213] ? is_bpf_text_address+0x94/0x1a0 [ 380.916874][T12213] ? kernel_text_address+0x8d/0x100 [ 380.918240][T12213] ? __kernel_text_address+0xd/0x40 [ 380.919606][T12213] ? unwind_get_return_address+0x59/0xa0 [ 380.921078][T12213] ? arch_stack_walk+0xa7/0x100 [ 380.922358][T12213] ? __nla_validate_parse+0x605/0x2b10 [ 380.923733][T12213] ? __pfx___nla_validate_parse+0x10/0x10 [ 380.925216][T12213] ? stack_trace_save+0x95/0xd0 [ 380.926495][T12213] ? __pfx_stack_trace_save+0x10/0x10 [ 380.927897][T12213] ? stack_depot_save_flags+0x28/0x900 [ 380.929335][T12213] ? __nla_parse+0x40/0x60 [ 380.930506][T12213] __rtnl_newlink+0xc3a/0x1920 [ 380.931769][T12213] ? __pfx___rtnl_newlink+0x10/0x10 [ 380.933145][T12213] rtnl_newlink+0x67/0xa0 [ 380.934277][T12213] ? __pfx_rtnl_newlink+0x10/0x10 [ 380.935596][T12213] rtnetlink_rcv_msg+0x3c7/0xea0 [ 380.936914][T12213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 380.938334][T12213] ? __pfx___lock_acquire+0x10/0x10 [ 380.939694][T12213] netlink_rcv_skb+0x165/0x410 [ 380.940957][T12213] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 380.942376][T12213] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 380.943751][T12213] ? rcu_is_watching+0x12/0xc0 [ 380.945011][T12213] netlink_unicast+0x53c/0x7f0 [ 380.946262][T12213] ? __pfx_netlink_unicast+0x10/0x10 [ 380.947637][T12213] ? __phys_addr_symbol+0x30/0x80 [ 380.948957][T12213] ? __check_object_size+0x488/0x710 [ 380.950335][T12213] netlink_sendmsg+0x8b8/0xd70 [ 380.951591][T12213] ? __pfx_netlink_sendmsg+0x10/0x10 [ 380.952972][T12213] ? lock_acquire+0x2f/0xb0 [ 380.954163][T12213] ____sys_sendmsg+0x9ae/0xb40 [ 380.955419][T12213] ? __pfx_____sys_sendmsg+0x10/0x10 [ 380.956886][T12213] ? get_compat_msghdr+0x11b/0x170 [ 380.958225][T12213] ? __pfx___lock_acquire+0x10/0x10 [ 380.959589][T12213] ___sys_sendmsg+0x135/0x1e0 [ 380.960836][T12213] ? __pfx____sys_sendmsg+0x10/0x10 [ 380.962203][T12213] ? lock_acquire+0x2f/0xb0 [ 380.963398][T12213] ? __fget_files+0x40/0x3f0 [ 380.964617][T12213] ? fdget+0x176/0x210 [ 380.965694][T12213] __sys_sendmsg+0x117/0x1f0 [ 380.966912][T12213] ? __pfx___sys_sendmsg+0x10/0x10 [ 380.968189][T12213] ? __fget_files+0x244/0x3f0 [ 380.969406][T12213] __do_fast_syscall_32+0x73/0x120 [ 380.970733][T12213] do_fast_syscall_32+0x32/0x80 [ 380.972009][T12213] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 380.973679][T12213] RIP: 0023:0xf73ce579 [ 380.974746][T12213] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 380.979732][T12213] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 380.981894][T12213] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000080 [ 380.983936][T12213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 380.985985][T12213] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 380.988028][T12213] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 380.990062][T12213] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 380.992108][T12213] [ 381.124985][T12216] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 382.523577][T12231] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1880'. [ 384.318540][T12245] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 384.323373][T12245] batadv_slave_0: entered promiscuous mode [ 385.354487][T12257] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1886'. [ 385.570801][T12267] syzkaller1: entered promiscuous mode [ 385.572343][T12267] syzkaller1: entered allmulticast mode [ 385.602169][T12257] netlink: 'syz.1.1886': attribute type 20 has an invalid length. [ 385.791095][T12270] FAULT_INJECTION: forcing a failure. [ 385.791095][T12270] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 385.802618][T12270] CPU: 0 UID: 0 PID: 12270 Comm: syz.2.1890 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 385.805411][T12270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 385.808170][T12270] Call Trace: [ 385.809058][T12270] [ 385.809836][T12270] dump_stack_lvl+0x16c/0x1f0 [ 385.811068][T12270] should_fail_ex+0x497/0x5b0 [ 385.812299][T12270] _copy_to_user+0x30/0xc0 [ 385.813478][T12270] __htab_map_lookup_and_delete_batch+0x180c/0x2840 [ 385.815201][T12270] ? __fget_files+0x23a/0x3f0 [ 385.816450][T12270] ? __pfx___htab_map_lookup_and_delete_batch+0x10/0x10 [ 385.818252][T12270] ? __pfx_htab_map_lookup_and_delete_batch+0x10/0x10 [ 385.819998][T12270] bpf_map_do_batch+0x294/0x640 [ 385.821280][T12270] __sys_bpf+0x4b96/0x5780 [ 385.822458][T12270] ? ksys_write+0x21e/0x260 [ 385.823655][T12270] ? __pfx___sys_bpf+0x10/0x10 [ 385.824920][T12270] ? vfs_write+0x14d/0x1140 [ 385.826108][T12270] ? __mutex_unlock_slowpath+0x164/0x650 [ 385.827568][T12270] ? fput+0x30/0x390 [ 385.828606][T12270] ? ksys_write+0x1ad/0x260 [ 385.829793][T12270] ? __pfx_ksys_write+0x10/0x10 [ 385.831063][T12270] __ia32_sys_bpf+0x76/0xe0 [ 385.832255][T12270] __do_fast_syscall_32+0x73/0x120 [ 385.833596][T12270] do_fast_syscall_32+0x32/0x80 [ 385.834867][T12270] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 385.836523][T12270] RIP: 0023:0xf73ce579 [ 385.837592][T12270] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 385.842540][T12270] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 385.844694][T12270] RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 0000000020000800 [ 385.846738][T12270] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 385.848796][T12270] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 385.850852][T12270] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 385.853004][T12270] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 385.855093][T12270] [ 386.337837][T12278] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1894'. [ 386.376015][T12278] bridge_slave_1: left allmulticast mode [ 386.378263][T12278] bridge_slave_1: left promiscuous mode [ 386.383531][T12278] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.397334][T12278] bridge1: port 1(bridge_slave_1) entered blocking state [ 386.399947][T12278] bridge1: port 1(bridge_slave_1) entered disabled state [ 386.402180][T12278] bridge_slave_1: entered allmulticast mode [ 386.416820][T12278] bridge_slave_1: entered promiscuous mode [ 387.378591][T12297] FAULT_INJECTION: forcing a failure. [ 387.378591][T12297] name failslab, interval 1, probability 0, space 0, times 0 [ 387.382040][T12297] CPU: 1 UID: 0 PID: 12297 Comm: syz.1.1899 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 387.385924][T12297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 387.389804][T12297] Call Trace: [ 387.391031][T12297] [ 387.392120][T12297] dump_stack_lvl+0x16c/0x1f0 [ 387.393430][T12297] should_fail_ex+0x497/0x5b0 [ 387.394658][T12297] ? fs_reclaim_acquire+0xae/0x160 [ 387.395978][T12297] should_failslab+0xc2/0x120 [ 387.397225][T12297] __kmalloc_noprof+0xcb/0x410 [ 387.398475][T12297] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 387.399930][T12297] tomoyo_realpath_from_path+0xbf/0x710 [ 387.401373][T12297] ? tomoyo_path_number_perm+0x232/0x5b0 [ 387.402865][T12297] tomoyo_path_number_perm+0x245/0x5b0 [ 387.404274][T12297] ? tomoyo_path_number_perm+0x232/0x5b0 [ 387.406231][T12297] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 387.407791][T12297] ? trace_lock_acquire+0x14a/0x1d0 [ 387.409182][T12297] ? lock_acquire+0x2f/0xb0 [ 387.410360][T12297] ? __fget_files+0x40/0x3f0 [ 387.411562][T12297] ? __fget_files+0x244/0x3f0 [ 387.412837][T12297] security_file_ioctl_compat+0x9b/0x240 [ 387.414282][T12297] __do_compat_sys_ioctl+0x52/0x2b0 [ 387.415676][T12297] __do_fast_syscall_32+0x73/0x120 [ 387.417023][T12297] do_fast_syscall_32+0x32/0x80 [ 387.418288][T12297] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 387.419913][T12297] RIP: 0023:0xf7f9f579 [ 387.420980][T12297] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 387.425891][T12297] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 387.428016][T12297] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040046109 [ 387.430057][T12297] RDX: 0000000020000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 387.432111][T12297] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 387.434139][T12297] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 387.436154][T12297] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 387.438199][T12297] [ 387.503803][T12297] ERROR: Out of memory at tomoyo_realpath_from_path. [ 387.532843][T12306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1902'. [ 387.537637][T12306] bridge_slave_1: left allmulticast mode [ 387.539139][T12306] bridge_slave_1: left promiscuous mode [ 387.541315][T12306] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.545686][T12306] bridge1: port 1(bridge_slave_1) entered blocking state [ 387.548837][T12306] bridge1: port 1(bridge_slave_1) entered disabled state [ 387.551319][T12306] bridge_slave_1: entered allmulticast mode [ 387.553401][T12306] bridge_slave_1: entered promiscuous mode [ 387.748941][T12317] FAULT_INJECTION: forcing a failure. [ 387.748941][T12317] name failslab, interval 1, probability 0, space 0, times 0 [ 387.752179][T12317] CPU: 3 UID: 0 PID: 12317 Comm: syz.3.1905 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 387.754951][T12317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 387.757741][T12317] Call Trace: [ 387.758626][T12317] [ 387.759405][T12317] dump_stack_lvl+0x16c/0x1f0 [ 387.760658][T12317] should_fail_ex+0x497/0x5b0 [ 387.761900][T12317] ? fs_reclaim_acquire+0xae/0x160 [ 387.763238][T12317] should_failslab+0xc2/0x120 [ 387.764473][T12317] __kmalloc_cache_noprof+0x6b/0x310 [ 387.765863][T12317] ? netlbl_mgmt_add_common+0x987/0x1830 [ 387.767330][T12317] ? nla_strscpy+0x140/0x190 [ 387.768555][T12317] netlbl_mgmt_add_common+0x987/0x1830 [ 387.769977][T12317] netlbl_mgmt_add+0x24d/0x3b0 [ 387.771234][T12317] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 387.772625][T12317] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 387.774531][T12317] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 387.776449][T12317] genl_family_rcv_msg_doit+0x202/0x2f0 [ 387.777925][T12317] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 387.779510][T12317] ? bpf_lsm_capable+0x9/0x10 [ 387.780749][T12317] ? security_capable+0x7e/0x260 [ 387.782050][T12317] genl_rcv_msg+0x565/0x800 [ 387.783241][T12317] ? __pfx_genl_rcv_msg+0x10/0x10 [ 387.784563][T12317] ? __pfx_netlbl_mgmt_add+0x10/0x10 [ 387.785940][T12317] ? __pfx___lock_acquire+0x10/0x10 [ 387.787299][T12317] netlink_rcv_skb+0x165/0x410 [ 387.788562][T12317] ? __pfx_genl_rcv_msg+0x10/0x10 [ 387.789876][T12317] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 387.791260][T12317] ? down_read+0xc9/0x330 [ 387.792391][T12317] ? __pfx_down_read+0x10/0x10 [ 387.793658][T12317] ? netlink_deliver_tap+0x1ae/0xcf0 [ 387.795032][T12317] genl_rcv+0x28/0x40 [ 387.796079][T12317] netlink_unicast+0x53c/0x7f0 [ 387.797351][T12317] ? __pfx_netlink_unicast+0x10/0x10 [ 387.798724][T12317] ? __phys_addr_symbol+0x30/0x80 [ 387.800036][T12317] ? __check_object_size+0x488/0x710 [ 387.801417][T12317] netlink_sendmsg+0x8b8/0xd70 [ 387.802679][T12317] ? __pfx_netlink_sendmsg+0x10/0x10 [ 387.804055][T12317] ? lock_acquire+0x2f/0xb0 [ 387.805256][T12317] ____sys_sendmsg+0x9ae/0xb40 [ 387.806511][T12317] ? __pfx_____sys_sendmsg+0x10/0x10 [ 387.807895][T12317] ? get_compat_msghdr+0x11b/0x170 [ 387.809244][T12317] ? __pfx___lock_acquire+0x10/0x10 [ 387.810608][T12317] ___sys_sendmsg+0x135/0x1e0 [ 387.811846][T12317] ? __pfx____sys_sendmsg+0x10/0x10 [ 387.813214][T12317] ? lock_acquire+0x2f/0xb0 [ 387.814402][T12317] ? __fget_files+0x40/0x3f0 [ 387.815615][T12317] ? fdget+0x176/0x210 [ 387.816699][T12317] __sys_sendmsg+0x117/0x1f0 [ 387.817912][T12317] ? __pfx___sys_sendmsg+0x10/0x10 [ 387.819250][T12317] ? __fget_files+0x244/0x3f0 [ 387.820511][T12317] __do_fast_syscall_32+0x73/0x120 [ 387.821849][T12317] do_fast_syscall_32+0x32/0x80 [ 387.823120][T12317] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 387.824776][T12317] RIP: 0023:0xf748e579 [ 387.825841][T12317] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 387.830714][T12317] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 387.832866][T12317] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000480 [ 387.834917][T12317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 387.836980][T12317] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 387.839037][T12317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 387.841090][T12317] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 387.843143][T12317] [ 388.510544][T12329] bond_slave_0: entered promiscuous mode [ 388.512231][T12329] bond_slave_1: entered promiscuous mode [ 388.513784][T12329] macvlan2: entered promiscuous mode [ 388.515167][T12329] bond0: entered promiscuous mode [ 388.519845][T12329] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 388.781247][T12339] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1909'. [ 389.647833][ T64] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 389.652630][T12347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.672925][T12347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 389.728863][T12347] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 390.516379][T12352] mkiss: ax0: crc mode is auto. [ 390.667735][T12359] nbd2: detected capacity change from 0 to 12 [ 390.669902][T12359] block nbd2: NBD_DISCONNECT [ 390.671815][T11928] block nbd2: Send control failed (result -89) [ 390.673742][T11928] block nbd2: Request send failed, requeueing [ 390.676032][T11928] block nbd2: Disconnected due to user request. [ 390.688414][T12359] block nbd2: Send disconnect failed -89 [ 390.694631][ T36] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.698434][ T36] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.701675][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.704253][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.706520][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.708896][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.710958][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.713362][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.716186][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.726637][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.737406][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.739843][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.741947][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.744061][T12358] FAULT_INJECTION: forcing a failure. [ 390.744061][T12358] name failslab, interval 1, probability 0, space 0, times 0 [ 390.747199][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.750341][T12358] CPU: 1 UID: 0 PID: 12358 Comm: syz.2.1916 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 390.752553][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.753122][T12358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 390.753132][T12358] Call Trace: [ 390.755581][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.758376][T12358] [ 390.758383][T12358] dump_stack_lvl+0x16c/0x1f0 [ 390.758402][T12358] should_fail_ex+0x497/0x5b0 [ 390.758418][T12358] ? fs_reclaim_acquire+0xae/0x160 [ 390.758433][T12358] should_failslab+0xc2/0x120 [ 390.758448][T12358] __kmalloc_noprof+0xcb/0x410 [ 390.758462][T12358] ? __pfx_d_absolute_path+0x10/0x10 [ 390.758477][T12358] tomoyo_encode2+0x100/0x3e0 [ 390.758490][T12358] tomoyo_realpath_from_path+0x1a7/0x710 [ 390.758504][T12358] tomoyo_path_number_perm+0x245/0x5b0 [ 390.758519][T12358] ? tomoyo_path_number_perm+0x232/0x5b0 [ 390.758535][T12358] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 390.758562][T12358] ? trace_lock_acquire+0x14a/0x1d0 [ 390.758576][T12358] ? lock_acquire+0x2f/0xb0 [ 390.758590][T12358] ? __fget_files+0x40/0x3f0 [ 390.758602][T12358] ? __fget_files+0x244/0x3f0 [ 390.761465][T11928] ldm_validate_partition_table(): Disk read failed. [ 390.764908][T12358] security_file_ioctl_compat+0x9b/0x240 [ 390.767006][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.767495][T12358] __do_compat_sys_ioctl+0x52/0x2b0 [ 390.768819][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.770159][T12358] __do_fast_syscall_32+0x73/0x120 [ 390.771447][T11928] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 390.772830][T12358] do_fast_syscall_32+0x32/0x80 [ 390.774246][T11928] Buffer I/O error on dev nbd2, logical block 0, async page read [ 390.775691][T12358] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 390.777959][T11928] Dev nbd2: unable to read RDB block 0 [ 390.778633][T12358] RIP: 0023:0xf73ce579 [ 390.779982][T11928] nbd2: unable to read partition table [ 390.781046][T12358] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 390.782346][T11928] nbd2: partition table beyond EOD, [ 390.783969][T12358] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 390.783985][T12358] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000000007b1 [ 390.783992][T12358] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 390.783998][T12358] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 390.784005][T12358] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 390.784011][T12358] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 390.784024][T12358] [ 390.785283][T12358] ERROR: Out of memory at tomoyo_realpath_from_path. [ 390.786524][T11928] truncated [ 390.832670][T12359] ldm_validate_partition_table(): Disk read failed. [ 390.836557][T12359] Dev nbd2: unable to read RDB block 0 [ 390.838501][T12359] nbd2: unable to read partition table [ 390.840173][T12359] nbd2: partition table beyond EOD, truncated [ 390.847565][T11928] ldm_validate_partition_table(): Disk read failed. [ 390.856562][T11928] Dev nbd2: unable to read RDB block 0 [ 390.858130][T11928] nbd2: unable to read partition table [ 390.859647][T11928] nbd2: partition table beyond EOD, truncated [ 391.207203][T12367] netlink: 'syz.1.1919': attribute type 1 has an invalid length. [ 391.209670][T12367] netlink: 9116 bytes leftover after parsing attributes in process `syz.1.1919'. [ 391.212210][T12367] netlink: 'syz.1.1919': attribute type 2 has an invalid length. [ 391.214860][T12367] netlink: 185 bytes leftover after parsing attributes in process `syz.1.1919'. [ 391.408692][T12367] block nbd1: shutting down sockets [ 393.996349][ T5402] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 394.146357][ T5402] usb 8-1: Using ep0 maxpacket: 32 [ 394.179909][ T5402] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 394.188775][ T5402] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 394.191569][ T5402] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 394.193586][ T5402] usb 8-1: Product: syz [ 394.194646][ T5402] usb 8-1: Manufacturer: syz [ 394.195814][ T5402] usb 8-1: SerialNumber: syz [ 394.199321][ T5402] usb 8-1: config 0 descriptor?? [ 394.201713][T12385] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 394.662853][ T979] usb 8-1: USB disconnect, device number 23 [ 394.773256][T12395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1927'. [ 394.783568][T12395] bridge_slave_1: left allmulticast mode [ 394.785105][T12395] bridge_slave_1: left promiscuous mode [ 394.788140][T12395] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.798242][T12395] bridge1: port 1(bridge_slave_1) entered blocking state [ 394.800149][T12395] bridge1: port 1(bridge_slave_1) entered disabled state [ 394.802029][T12395] bridge_slave_1: entered allmulticast mode [ 394.804101][T12395] bridge_slave_1: entered promiscuous mode [ 396.208049][T12413] netlink: 'syz.3.1930': attribute type 10 has an invalid length. [ 396.210832][T12413] autofs: Unknown parameter './file1' [ 396.968325][T12420] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1933'. [ 397.025234][T12424] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1935'. [ 397.221375][T12422] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1934'. [ 397.347869][T12434] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1937'. [ 397.559673][T12445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 397.585418][T12445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 397.588350][ T64] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 397.819950][T12445] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 398.056942][T12454] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1944'. [ 398.208485][T12458] netlink: 'syz.1.1943': attribute type 10 has an invalid length. [ 398.217635][T12458] autofs: Unknown parameter './file1' [ 399.051398][T12474] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1949'. [ 399.286292][ T30] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 399.456326][ T30] usb 6-1: Using ep0 maxpacket: 8 [ 399.461516][ T30] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 399.464690][ T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 399.469346][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 399.472572][ T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 399.476898][ T30] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 399.481354][ T30] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 399.484424][ T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.698888][ T30] usb 6-1: GET_CAPABILITIES returned 0 [ 399.700543][ T30] usbtmc 6-1:16.0: can't read capabilities [ 399.957038][ T5402] usb 6-1: USB disconnect, device number 28 [ 399.959536][T12470] usbtmc 6-1:16.0: usb_control_msg returned -71 [ 400.069200][T12486] lo speed is unknown, defaulting to 1000 [ 400.070877][T12486] lo speed is unknown, defaulting to 1000 [ 400.072718][T12486] lo speed is unknown, defaulting to 1000 [ 400.083823][T12486] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 400.104475][T12486] lo speed is unknown, defaulting to 1000 [ 400.110243][T12486] lo speed is unknown, defaulting to 1000 [ 400.113132][T12486] lo speed is unknown, defaulting to 1000 [ 400.115095][T12486] lo speed is unknown, defaulting to 1000 [ 400.122877][T12486] lo speed is unknown, defaulting to 1000 [ 400.272098][T12490] lo speed is unknown, defaulting to 1000 [ 400.810525][T12498] FAULT_INJECTION: forcing a failure. [ 400.810525][T12498] name failslab, interval 1, probability 0, space 0, times 0 [ 400.814095][T12498] CPU: 3 UID: 0 PID: 12498 Comm: syz.2.1955 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 400.816874][T12498] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 400.819615][T12498] Call Trace: [ 400.820502][T12498] [ 400.821285][T12498] dump_stack_lvl+0x16c/0x1f0 [ 400.822523][T12498] should_fail_ex+0x497/0x5b0 [ 400.823753][T12498] should_failslab+0xc2/0x120 [ 400.824998][T12498] __kmalloc_cache_noprof+0x6b/0x310 [ 400.826408][T12498] ? sctp_add_bind_addr+0x9d/0x3e0 [ 400.827800][T12498] sctp_add_bind_addr+0x9d/0x3e0 [ 400.829106][T12498] sctp_copy_local_addr_list+0x39e/0x5a0 [ 400.830558][T12498] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 400.832146][T12498] ? sctp_auth_asoc_copy_shkeys+0x2a7/0x360 [ 400.833702][T12498] ? sctp_bind_addr_copy+0xe0/0x530 [ 400.835028][T12498] sctp_bind_addr_copy+0xe0/0x530 [ 400.836595][T12498] sctp_connect_new_asoc+0x1d8/0x790 [ 400.838007][T12498] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 400.839537][T12498] ? mark_held_locks+0x9f/0xe0 [ 400.840821][T12498] ? sctp_sendmsg+0x112f/0x1f10 [ 400.842101][T12498] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 400.843617][T12498] sctp_sendmsg+0x162a/0x1f10 [ 400.844858][T12498] ? __pfx___lock_acquire+0x10/0x10 [ 400.846224][T12498] ? __pfx_sctp_sendmsg+0x10/0x10 [ 400.847557][T12498] ? lock_acquire+0x2f/0xb0 [ 400.848766][T12498] ? __pfx_aa_sk_perm+0x10/0x10 [ 400.850045][T12498] ? __pfx_sctp_sendmsg+0x10/0x10 [ 400.851523][T12498] inet_sendmsg+0x119/0x140 [ 400.853260][T12498] __sys_sendto+0x426/0x4d0 [ 400.854806][T12498] ? __pfx___sys_sendto+0x10/0x10 [ 400.856207][T12498] ? ksys_write+0x1ad/0x260 [ 400.857407][T12498] ? __pfx_ksys_write+0x10/0x10 [ 400.858690][T12498] __ia32_sys_sendto+0xdd/0x1b0 [ 400.859962][T12498] ? lockdep_hardirqs_on+0x7c/0x110 [ 400.861358][T12498] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 400.863504][T12498] __do_fast_syscall_32+0x73/0x120 [ 400.865182][T12498] do_fast_syscall_32+0x32/0x80 [ 400.866590][T12498] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 400.868124][T12498] RIP: 0023:0xf73ce579 [ 400.869114][T12498] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 400.874756][T12498] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 400.877465][T12498] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020847fff [ 400.879512][T12498] RDX: 0000000000000001 RSI: 0000000000000040 RDI: 000000002005ffe4 [ 400.881570][T12498] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 [ 400.883613][T12498] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 400.885669][T12498] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 400.887721][T12498] [ 401.012111][ T64] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 401.015448][T12507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 401.069979][T12507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 401.124382][T12507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 401.168911][T12509] lo speed is unknown, defaulting to 1000 [ 401.613183][T12516] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1961'. [ 401.763246][T12524] netlink: 'syz.0.1961': attribute type 20 has an invalid length. [ 402.650679][T12539] lo speed is unknown, defaulting to 1000 [ 402.674616][T12544] FAULT_INJECTION: forcing a failure. [ 402.674616][T12544] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 402.682865][T12544] CPU: 0 UID: 0 PID: 12544 Comm: syz.2.1969 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 402.686512][T12544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 402.690113][T12544] Call Trace: [ 402.691282][T12544] [ 402.692305][T12544] dump_stack_lvl+0x16c/0x1f0 [ 402.693961][T12544] should_fail_ex+0x497/0x5b0 [ 402.695611][T12544] strncpy_from_user+0x3b/0x2a0 [ 402.697355][T12544] getname_flags.part.0+0x8f/0x550 [ 402.699132][T12544] getname_flags+0x93/0xf0 [ 402.700694][T12544] user_path_at+0x24/0x60 [ 402.702230][T12544] __ia32_sys_chmod+0xe8/0x1c0 [ 402.703930][T12544] ? __pfx___ia32_sys_chmod+0x10/0x10 [ 402.705853][T12544] __do_fast_syscall_32+0x73/0x120 [ 402.707676][T12544] do_fast_syscall_32+0x32/0x80 [ 402.709409][T12544] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 402.711638][T12544] RIP: 0023:0xf73ce579 [ 402.713083][T12544] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 402.719576][T12544] RSP: 002b:00000000f569556c EFLAGS: 00000296 ORIG_RAX: 000000000000000f [ 402.722459][T12544] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000000000 [ 402.725165][T12544] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 402.727929][T12544] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 402.730713][T12544] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 402.733464][T12544] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 402.736237][T12544] [ 403.136320][ T6432] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 403.209015][T12560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.228609][T12560] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.238183][ T30] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 403.240487][ T30] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 403.242312][ T161] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 403.244013][ T161] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 403.251110][ T161] wlan1: authentication with 08:02:11:00:00:00 timed out [ 403.300907][T12561] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 403.346721][ T6432] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 403.350752][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.354509][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.360743][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.364372][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.367779][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.371616][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.375521][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.379282][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.383053][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.386918][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.389272][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.393207][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.397991][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.403338][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.406192][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.410207][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.414662][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.420615][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.424982][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.431535][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.434690][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.439495][ T6432] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 403.444104][ T6432] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 403.448563][ T6432] usb 5-1: config 0 interface 0 has no altsetting 0 [ 403.454967][ T6432] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 403.460648][ T6432] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 403.464731][ T6432] usb 5-1: Product: syz [ 403.466519][ T6432] usb 5-1: Manufacturer: syz [ 403.467788][ T6432] usb 5-1: SerialNumber: syz [ 403.475975][ T6432] usb 5-1: config 0 descriptor?? [ 403.490836][ T6432] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 404.530197][T12569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 404.564298][T12569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 404.570045][ T5690] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 404.572468][ T5690] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 404.576057][ T68] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 404.579333][ T68] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 404.582314][ T68] wlan1: authentication with 08:02:11:00:00:00 timed out [ 404.620778][T12569] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 405.726892][ C3] usb 5-1: yurex_control_callback - control failed: -2 [ 405.730632][ T5377] usb 5-1: USB disconnect, device number 22 [ 405.737783][ T5377] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 405.906301][ T1446] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 406.067856][ T1446] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 406.070907][ T1446] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 406.073800][ T1446] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 406.086542][ T1446] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 406.089748][ T1446] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 406.092079][ T1446] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.106689][ T1446] usb 6-1: config 0 descriptor?? [ 406.215265][T12586] lo speed is unknown, defaulting to 1000 [ 406.608476][ T1446] plantronics 0003:047F:FFFF.000B: ignoring exceeding usage max [ 406.628471][ T1446] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 406.664218][ T1446] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 406.798064][T12605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 406.815707][T12605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 406.849227][ T5377] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 406.851617][ T5377] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 406.853541][ T93] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 406.855772][ T93] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 406.859871][ T93] wlan1: authentication with 08:02:11:00:00:00 timed out [ 406.870908][T12605] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 407.320913][T12613] sp0: Synchronizing with TNC [ 407.451602][T12611] FAULT_INJECTION: forcing a failure. [ 407.451602][T12611] name failslab, interval 1, probability 0, space 0, times 0 [ 407.455117][T12611] CPU: 0 UID: 0 PID: 12611 Comm: syz.3.1986 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 407.458148][T12611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 407.460988][T12611] Call Trace: [ 407.461860][T12611] [ 407.462628][T12611] dump_stack_lvl+0x16c/0x1f0 [ 407.463852][T12611] should_fail_ex+0x497/0x5b0 [ 407.465091][T12611] ? fs_reclaim_acquire+0xae/0x160 [ 407.466414][T12611] should_failslab+0xc2/0x120 [ 407.467751][T12611] __kmalloc_noprof+0xcb/0x410 [ 407.468963][T12611] ? __pfx_d_absolute_path+0x10/0x10 [ 407.470306][T12611] tomoyo_encode2+0x100/0x3e0 [ 407.471494][T12611] tomoyo_realpath_from_path+0x1a7/0x710 [ 407.472923][T12611] tomoyo_path_number_perm+0x245/0x5b0 [ 407.474306][T12611] ? tomoyo_path_number_perm+0x232/0x5b0 [ 407.475806][T12611] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 407.477393][T12611] ? trace_lock_acquire+0x14a/0x1d0 [ 407.478733][T12611] ? lock_acquire+0x2f/0xb0 [ 407.479917][T12611] ? __fget_files+0x40/0x3f0 [ 407.481120][T12611] ? __fget_files+0x244/0x3f0 [ 407.482357][T12611] security_file_ioctl_compat+0x9b/0x240 [ 407.483771][T12611] __do_compat_sys_ioctl+0x52/0x2b0 [ 407.485189][T12611] __do_fast_syscall_32+0x73/0x120 [ 407.486497][T12611] do_fast_syscall_32+0x32/0x80 [ 407.487727][T12611] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 407.489288][T12611] RIP: 0023:0xf748e579 [ 407.490320][T12611] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 407.495209][T12611] RSP: 002b:00000000f575556c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 407.497361][T12611] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 000000000000ab04 [ 407.499413][T12611] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 407.501441][T12611] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 407.503479][T12611] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 407.505586][T12611] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 407.507559][T12611] [ 407.520726][T12611] ERROR: Out of memory at tomoyo_realpath_from_path. [ 407.612888][T12611] block nbd3: shutting down sockets [ 407.766283][ T979] usb 5-1: new low-speed USB device number 23 using dummy_hcd [ 407.919002][ T979] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 407.922514][ T979] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 407.926075][ T979] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 407.931784][ T979] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 407.934815][ T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.943029][ T979] hub 5-1:1.0: bad descriptor, ignoring hub [ 407.945966][ T979] hub 5-1:1.0: probe with driver hub failed with error -5 [ 407.949550][ T979] cdc_wdm 5-1:1.0: skipping garbage [ 407.951316][ T979] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 408.426332][ T35] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 408.550943][ T8] usb 6-1: USB disconnect, device number 29 [ 408.616802][ T35] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 408.636596][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.639846][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.643813][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.657736][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.660748][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.663394][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.676847][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.679108][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.681852][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.684741][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.687067][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.689843][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.696860][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.699163][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.701959][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.726987][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.729250][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.731866][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.734333][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.736656][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.739341][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.746644][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 408.748869][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 408.751541][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 408.757592][ T35] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 408.759868][ T35] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 408.761982][ T35] usb 7-1: Product: syz [ 408.763060][ T35] usb 7-1: Manufacturer: syz [ 408.764268][ T35] usb 7-1: SerialNumber: syz [ 408.773746][ T35] usb 7-1: config 0 descriptor?? [ 408.792363][ T35] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 408.854508][T12634] FAULT_INJECTION: forcing a failure. [ 408.854508][T12634] name failslab, interval 1, probability 0, space 0, times 0 [ 408.859284][T12634] CPU: 1 UID: 0 PID: 12634 Comm: syz.0.1995 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 408.862390][T12634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 408.865229][T12634] Call Trace: [ 408.866377][T12634] [ 408.867391][T12634] dump_stack_lvl+0x16c/0x1f0 [ 408.868891][T12634] should_fail_ex+0x497/0x5b0 [ 408.870350][T12634] ? fs_reclaim_acquire+0xae/0x160 [ 408.871675][T12634] should_failslab+0xc2/0x120 [ 408.873041][T12634] kmem_cache_alloc_node_noprof+0x71/0x310 [ 408.875026][T12634] ? __alloc_skb+0x2b3/0x380 [ 408.876639][T12634] __alloc_skb+0x2b3/0x380 [ 408.878145][T12634] ? __pfx___alloc_skb+0x10/0x10 [ 408.879797][T12634] ? lock_acquire+0x2f/0xb0 [ 408.881485][T12634] netlink_alloc_large_skb+0x69/0x130 [ 408.883434][T12634] netlink_sendmsg+0x689/0xd70 [ 408.885166][T12634] ? __pfx_netlink_sendmsg+0x10/0x10 [ 408.887115][T12634] ? lock_acquire+0x2f/0xb0 [ 408.888823][T12634] ____sys_sendmsg+0x9ae/0xb40 [ 408.889701][ T5377] usb 5-1: USB disconnect, device number 23 [ 408.890471][T12634] ? __pfx_____sys_sendmsg+0x10/0x10 [ 408.893430][T12634] ? get_compat_msghdr+0x11b/0x170 [ 408.894767][T12634] ? __pfx___lock_acquire+0x10/0x10 [ 408.896051][T12634] ___sys_sendmsg+0x135/0x1e0 [ 408.897240][T12634] ? __pfx____sys_sendmsg+0x10/0x10 [ 408.898565][T12634] ? lock_acquire+0x2f/0xb0 [ 408.899878][T12634] ? __fget_files+0x40/0x3f0 [ 408.901213][T12634] ? fdget+0x176/0x210 [ 408.902240][T12634] __sys_sendmsg+0x117/0x1f0 [ 408.903447][T12634] ? __pfx___sys_sendmsg+0x10/0x10 [ 408.904780][T12634] ? __fget_files+0x244/0x3f0 [ 408.906004][T12634] __do_fast_syscall_32+0x73/0x120 [ 408.907332][T12634] do_fast_syscall_32+0x32/0x80 [ 408.908596][T12634] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 408.910592][T12634] RIP: 0023:0xf7f85579 [ 408.911858][T12634] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 408.917616][T12634] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 408.920616][T12634] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000300 [ 408.923470][T12634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 408.926258][T12634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 408.928916][T12634] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 408.931495][T12634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 408.933961][T12634] [ 408.934876][ C1] vkms_vblank_simulate: vblank timer overrun [ 409.684791][T12647] lo speed is unknown, defaulting to 1000 [ 410.016758][T12652] nbd3: detected capacity change from 0 to 22 [ 410.020643][T12654] block nbd3: shutting down sockets [ 410.046691][ T10] blk_print_req_error: 40 callbacks suppressed [ 410.046703][ T10] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.051075][ T10] buffer_io_error: 40 callbacks suppressed [ 410.051088][ T10] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.058362][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.061452][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.063516][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.065843][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.070761][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.074133][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.080455][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.082854][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.084862][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.087525][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.089649][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.092683][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.095611][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.099961][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.102297][T11928] ldm_validate_partition_table(): Disk read failed. [ 410.104125][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.106525][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.108559][T11928] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 410.110987][T11928] Buffer I/O error on dev nbd3, logical block 0, async page read [ 410.113988][T11928] Dev nbd3: unable to read RDB block 0 [ 410.116444][T11928] nbd3: unable to read partition table [ 410.118620][T11928] nbd3: partition table beyond EOD, truncated [ 410.132666][T11928] ldm_validate_partition_table(): Disk read failed. [ 410.134543][T11928] Dev nbd3: unable to read RDB block 0 [ 410.136092][T11928] nbd3: unable to read partition table [ 410.138133][T11928] nbd3: partition table beyond EOD, truncated [ 410.155260][T12668] Bluetooth: MGMT ver 1.23 [ 410.226321][ T5377] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 410.386340][ T5377] usb 5-1: Using ep0 maxpacket: 32 [ 410.390575][ T5377] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 410.397742][ T5377] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 410.401230][ T5377] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 410.404251][ T5377] usb 5-1: Product: syz [ 410.405962][ T5377] usb 5-1: Manufacturer: syz [ 410.411918][ T5377] usb 5-1: SerialNumber: syz [ 410.415606][ T5377] usb 5-1: config 0 descriptor?? [ 410.418594][T12660] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 410.446596][ T8] usb 8-1: new low-speed USB device number 24 using dummy_hcd [ 410.594828][T12678] FAULT_INJECTION: forcing a failure. [ 410.594828][T12678] name failslab, interval 1, probability 0, space 0, times 0 [ 410.599621][T12678] CPU: 0 UID: 0 PID: 12678 Comm: syz.1.2007 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 410.603419][T12678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 410.607304][T12678] Call Trace: [ 410.608568][T12678] [ 410.609660][T12678] dump_stack_lvl+0x16c/0x1f0 [ 410.611402][T12678] should_fail_ex+0x497/0x5b0 [ 410.613144][T12678] ? fs_reclaim_acquire+0xae/0x160 [ 410.615005][T12678] should_failslab+0xc2/0x120 [ 410.616749][T12678] kmem_cache_alloc_node_noprof+0x71/0x310 [ 410.618877][T12678] ? __alloc_skb+0x2b3/0x380 [ 410.620605][T12678] __alloc_skb+0x2b3/0x380 [ 410.622405][T12678] ? __pfx___alloc_skb+0x10/0x10 [ 410.624221][T12678] ? lock_acquire+0x2f/0xb0 [ 410.625918][T12678] netlink_alloc_large_skb+0x69/0x130 [ 410.627881][T12678] netlink_sendmsg+0x689/0xd70 [ 410.629661][T12678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 410.631579][T12678] ? lock_acquire+0x2f/0xb0 [ 410.633271][T12678] ____sys_sendmsg+0x9ae/0xb40 [ 410.635018][T12678] ? __pfx_____sys_sendmsg+0x10/0x10 [ 410.636978][T12678] ? get_compat_msghdr+0x11b/0x170 [ 410.638835][T12678] ? __pfx___lock_acquire+0x10/0x10 [ 410.640764][T12678] ___sys_sendmsg+0x135/0x1e0 [ 410.642495][T12678] ? __pfx____sys_sendmsg+0x10/0x10 [ 410.644420][T12678] ? lock_acquire+0x2f/0xb0 [ 410.646064][T12678] ? __fget_files+0x40/0x3f0 [ 410.647693][T12678] ? fdget+0x176/0x210 [ 410.649207][T12678] __sys_sendmsg+0x117/0x1f0 [ 410.650917][T12678] ? __pfx___sys_sendmsg+0x10/0x10 [ 410.653055][T12678] ? __fget_files+0x244/0x3f0 [ 410.654769][T12678] __do_fast_syscall_32+0x73/0x120 [ 410.656657][T12678] do_fast_syscall_32+0x32/0x80 [ 410.658363][T12678] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 410.660672][T12678] RIP: 0023:0xf7f9f579 [ 410.662118][T12678] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 410.669026][T12678] RSP: 002b:00000000f572656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 410.672039][T12678] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200000c0 [ 410.674863][T12678] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 410.677764][T12678] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 410.680662][T12678] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 410.683518][T12678] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 410.686776][T12678] [ 410.704322][ T8] usb 8-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 410.708024][ T8] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 410.711140][ T8] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 410.715783][ T8] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 410.719622][ T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.737326][ T8] hub 8-1:1.0: bad descriptor, ignoring hub [ 410.739667][ T8] hub 8-1:1.0: probe with driver hub failed with error -5 [ 410.742566][ T8] cdc_wdm 8-1:1.0: skipping garbage [ 410.744823][ T8] cdc_wdm 8-1:1.0: skipping garbage [ 410.747028][ T8] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 410.910242][ T1990] usb 5-1: USB disconnect, device number 24 [ 411.006327][ C3] usb 7-1: yurex_control_callback - control failed: -2 [ 411.014109][ T8] usb 7-1: USB disconnect, device number 21 [ 411.026891][ T8] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 411.732501][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2012'. [ 411.786541][ T1990] usb 8-1: USB disconnect, device number 24 [ 411.860088][T12704] 9pnet_fd: Insufficient options for proto=fd [ 411.862305][ T5345] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 411.867130][T12696] loop0: detected capacity change from 0 to 16384 [ 411.876426][T12704] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 411.924098][T12698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.106347][ T5402] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 412.206401][ T64] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 412.209406][ T64] Bluetooth: hci0: command 0x040f tx timeout [ 412.220189][T12698] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.285563][ T5402] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 412.294689][ T5402] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 303 [ 412.298448][ T5402] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 412.308686][ T5402] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.315173][T12700] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 412.328120][ T5402] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 412.491957][T12711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.529247][ T35] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 412.532488][ T35] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 412.548200][ T93] wlan1: send auth to 08:02:11:00:00:00 (try 2/3) [ 412.560626][ T93] wlan1: send auth to 08:02:11:00:00:00 (try 3/3) [ 412.562696][ T93] wlan1: authentication with 08:02:11:00:00:00 timed out [ 412.594839][T12711] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.602508][ T5402] usb 5-1: USB disconnect, device number 25 [ 412.673902][T12714] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 412.886324][ T1990] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 413.036944][ T1990] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 413.040946][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.044445][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.048705][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.052659][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.056173][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.060438][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.064009][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.067384][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.071458][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.075068][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.078322][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.082266][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.085854][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.089223][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.093177][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.096798][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.099960][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.103810][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.108557][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.111757][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.115666][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.119633][ T1990] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 413.123047][ T1990] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 413.127208][ T1990] usb 6-1: config 0 interface 0 has no altsetting 0 [ 413.137823][ T1990] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 413.141074][ T1990] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 413.144041][ T1990] usb 6-1: Product: syz [ 413.145772][ T1990] usb 6-1: Manufacturer: syz [ 413.147683][ T1990] usb 6-1: SerialNumber: syz [ 413.163356][ T1990] usb 6-1: config 0 descriptor?? [ 413.172050][ T1990] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 413.751316][T12722] syzkaller1: entered promiscuous mode [ 413.753412][T12722] syzkaller1: entered allmulticast mode [ 413.858367][T12724] FAULT_INJECTION: forcing a failure. [ 413.858367][T12724] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 413.863336][T12724] CPU: 1 UID: 0 PID: 12724 Comm: syz.2.2020 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 413.867358][T12724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 413.871398][T12724] Call Trace: [ 413.872633][T12724] [ 413.873670][T12724] dump_stack_lvl+0x16c/0x1f0 [ 413.875081][T12724] should_fail_ex+0x497/0x5b0 [ 413.876852][T12724] _copy_from_user+0x30/0xf0 [ 413.878564][T12724] get_compat_msghdr+0xa8/0x170 [ 413.880372][T12724] ? __pfx_get_compat_msghdr+0x10/0x10 [ 413.882378][T12724] ? __pfx___lock_acquire+0x10/0x10 [ 413.884149][T12724] ___sys_sendmsg+0x1b0/0x1e0 [ 413.885696][T12724] ? __pfx____sys_sendmsg+0x10/0x10 [ 413.887065][T12724] ? __pfx___might_resched+0x10/0x10 [ 413.888551][T12724] __sys_sendmmsg+0x2a5/0x450 [ 413.889797][T12724] ? __pfx___sys_sendmmsg+0x10/0x10 [ 413.891174][T12724] ? vfs_write+0x14d/0x1140 [ 413.892407][T12724] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 413.894476][T12724] ? fput+0x30/0x390 [ 413.895812][T12724] ? ksys_write+0x1ad/0x260 [ 413.897374][T12724] ? __pfx_ksys_write+0x10/0x10 [ 413.899048][T12724] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 413.900961][T12724] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 413.903196][T12724] __do_fast_syscall_32+0x73/0x120 [ 413.904592][T12724] do_fast_syscall_32+0x32/0x80 [ 413.905961][T12724] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 413.908052][T12724] RIP: 0023:0xf73ce579 [ 413.909453][T12724] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 413.915644][T12724] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 413.918209][T12724] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 413.920571][T12724] RDX: 000000000400020d RSI: 0000000000000000 RDI: 0000000000000000 [ 413.923253][T12724] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 413.925879][T12724] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 413.928386][T12724] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 413.931238][T12724] [ 414.296489][ T35] usb 5-1: new low-speed USB device number 26 using dummy_hcd [ 414.459776][ T35] usb 5-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 414.463487][ T35] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 414.496352][ T35] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 414.516362][ T35] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 414.519462][ T35] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.568601][ T35] hub 5-1:1.0: bad descriptor, ignoring hub [ 414.570195][ T35] hub 5-1:1.0: probe with driver hub failed with error -5 [ 414.572291][ T35] cdc_wdm 5-1:1.0: skipping garbage [ 414.573648][ T35] cdc_wdm 5-1:1.0: skipping garbage [ 414.575009][ T35] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 415.486421][ C1] usb 6-1: yurex_control_callback - control failed: -2 [ 415.490687][ T5377] usb 6-1: USB disconnect, device number 30 [ 415.494259][ T5377] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 416.116897][ T30] usb 5-1: USB disconnect, device number 26 [ 416.249231][ T39] kauditd_printk_skb: 21 callbacks suppressed [ 416.249243][ T39] audit: type=1326 audit(1728127086.043:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12760 comm="syz.0.2029" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0 [ 416.302739][T12766] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2030'. [ 416.373147][T12767] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2029'. [ 417.098998][T12775] loop0: detected capacity change from 0 to 16384 [ 417.538815][T12784] syz.0.2033 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 417.626087][ T39] audit: type=1326 audit(1728127087.413:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.632176][ T39] audit: type=1326 audit(1728127087.413:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.644234][ T39] audit: type=1326 audit(1728127087.413:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.651294][ T39] audit: type=1326 audit(1728127087.413:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.658747][ T39] audit: type=1326 audit(1728127087.413:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.664343][ T39] audit: type=1326 audit(1728127087.413:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.673836][ T39] audit: type=1326 audit(1728127087.413:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.681691][ T39] audit: type=1326 audit(1728127087.413:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.690049][ T39] audit: type=1326 audit(1728127087.413:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12781 comm="syz.0.2033" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 417.826314][ T5402] usb 8-1: new low-speed USB device number 25 using dummy_hcd [ 418.007505][ T5402] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 418.010083][ T5402] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 418.016313][ T5402] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 418.021722][ T5402] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 418.024051][ T5402] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.033152][ T5402] hub 8-1:1.0: bad descriptor, ignoring hub [ 418.038129][ T5402] hub 8-1:1.0: probe with driver hub failed with error -5 [ 418.045289][ T5402] cdc_wdm 8-1:1.0: skipping garbage [ 418.046777][ T5345] Bluetooth: hci0: Opcode 0x0401 failed: -110 [ 418.048470][ T5345] Bluetooth: hci0: command 0x040f tx timeout [ 418.053425][ T5402] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 418.586565][ T35] usb 7-1: new high-speed USB device number 22 using dummy_hcd [ 418.966483][ T7876] usb 8-1: USB disconnect, device number 25 [ 418.983575][T12804] netlink: 180 bytes leftover after parsing attributes in process `syz.3.2040'. [ 418.986269][ T5377] usb 6-1: new low-speed USB device number 31 using dummy_hcd [ 419.075253][ T35] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 419.080261][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.083135][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.089040][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.092372][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.095463][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.105135][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.109362][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.109398][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.109422][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.110384][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.110413][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.110436][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.111292][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.111320][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.111344][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.112164][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.112210][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.112234][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.113073][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.113105][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.113128][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.113969][ T35] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 419.114000][ T35] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 419.114028][ T35] usb 7-1: config 0 interface 0 has no altsetting 0 [ 419.115913][ T35] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 419.115936][ T35] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 419.115954][ T35] usb 7-1: Product: syz [ 419.115967][ T35] usb 7-1: Manufacturer: syz [ 419.115979][ T35] usb 7-1: SerialNumber: syz [ 419.123009][ T35] usb 7-1: config 0 descriptor?? [ 419.126919][ T35] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 419.137627][ T5377] usb 6-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 419.196349][ T5377] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 419.199190][ T5377] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 419.202460][ T5377] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 419.212708][ T5377] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.216740][ T5377] hub 6-1:1.0: bad descriptor, ignoring hub [ 419.218325][ T5377] hub 6-1:1.0: probe with driver hub failed with error -5 [ 419.220488][ T5377] cdc_wdm 6-1:1.0: skipping garbage [ 419.221935][ T5377] cdc_wdm 6-1:1.0: skipping garbage [ 419.223407][ T5377] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22 [ 419.346762][T12815] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2043'. [ 420.606077][ T64] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 420.617183][T12828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.629895][T12828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 420.684772][T12828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 421.299821][ C3] usb 7-1: yurex_control_callback - control failed: -2 [ 421.315049][ T6432] usb 7-1: USB disconnect, device number 22 [ 421.318771][ T6432] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 421.911562][T12847] ebtables: wrong size: *len 80, entries_size 144, replsz 144 [ 422.050480][T12849] FAULT_INJECTION: forcing a failure. [ 422.050480][T12849] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.054014][T12849] CPU: 2 UID: 0 PID: 12849 Comm: syz.0.2054 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 422.056869][T12849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 422.059461][T12849] Call Trace: [ 422.060270][T12849] [ 422.061079][T12849] dump_stack_lvl+0x16c/0x1f0 [ 422.062408][T12849] should_fail_ex+0x497/0x5b0 [ 422.063712][T12849] _copy_from_user+0x30/0xf0 [ 422.064985][T12849] do_sys_poll+0x1d6/0xde0 [ 422.066207][T12849] ? __pfx_mark_lock+0x10/0x10 [ 422.067486][T12849] ? __pfx_do_sys_poll+0x10/0x10 [ 422.068816][T12849] ? __pfx___lock_acquire+0x10/0x10 [ 422.070212][T12849] ? __pfx___lock_acquire+0x10/0x10 [ 422.071617][T12849] ? __pfx_timespec64_add_safe+0x10/0x10 [ 422.073137][T12849] ? set_compat_user_sigmask+0x20f/0x2a0 [ 422.074667][T12849] ? __pfx_set_compat_user_sigmask+0x10/0x10 [ 422.076282][T12849] __ia32_compat_sys_ppoll_time32+0x24a/0x2c0 [ 422.077874][T12849] ? __pfx___ia32_compat_sys_ppoll_time32+0x10/0x10 [ 422.079594][T12849] ? ksys_write+0x1ad/0x260 [ 422.080844][T12849] ? __pfx_ksys_write+0x10/0x10 [ 422.082166][T12849] __do_fast_syscall_32+0x73/0x120 [ 422.083566][T12849] do_fast_syscall_32+0x32/0x80 [ 422.084940][T12849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 422.086609][T12849] RIP: 0023:0xf7f85579 [ 422.087685][T12849] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 422.092711][T12849] RSP: 002b:00000000f570656c EFLAGS: 00000296 ORIG_RAX: 0000000000000135 [ 422.094886][T12849] RAX: ffffffffffffffda RBX: 0000000020000340 RCX: 000000000000006c [ 422.096969][T12849] RDX: 0000000020000380 RSI: 0000000000000000 RDI: 0000000000000000 [ 422.099031][T12849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 422.101122][T12849] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 422.103199][T12849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 422.105273][T12849] [ 422.157570][T12851] lo speed is unknown, defaulting to 1000 [ 422.312811][ T6432] usb 6-1: USB disconnect, device number 31 [ 422.616858][ T6432] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 422.696486][ T5377] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 422.733104][T12859] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2057'. [ 422.766344][ T6432] usb 6-1: Using ep0 maxpacket: 16 [ 422.769221][ T6432] usb 6-1: config 0 has no interfaces? [ 422.772237][ T6432] usb 6-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 422.774587][ T6432] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.781828][ T6432] usb 6-1: Product: syz [ 422.782951][ T6432] usb 6-1: Manufacturer: syz [ 422.784185][ T6432] usb 6-1: SerialNumber: syz [ 422.786342][ T6432] usb 6-1: config 0 descriptor?? [ 422.848177][ T5377] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 422.853213][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.856403][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.859438][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.864540][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.867249][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.870296][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.873607][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.876443][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.879498][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.883799][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.886184][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.889130][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.892223][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.894843][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.897965][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.901203][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.903647][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.907367][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.910314][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.912721][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.915759][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.919327][ T5377] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 422.921699][ T5377] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 422.924544][ T5377] usb 5-1: config 0 interface 0 has no altsetting 0 [ 422.930066][ T5377] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 422.932455][ T5377] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 422.934633][ T5377] usb 5-1: Product: syz [ 422.935755][ T5377] usb 5-1: Manufacturer: syz [ 422.938930][ T5377] usb 5-1: SerialNumber: syz [ 422.944694][ T5377] usb 5-1: config 0 descriptor?? [ 422.950672][ T5377] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 423.281972][ T5402] usb 6-1: USB disconnect, device number 32 [ 423.757363][T12873] netlink: 'syz.3.2062': attribute type 9 has an invalid length. [ 423.759614][T12873] netlink: 134672 bytes leftover after parsing attributes in process `syz.3.2062'. [ 423.762122][T12873] openvswitch: netlink: Key 2 has unexpected len 20 expected 4 [ 423.916403][ T5402] usb 7-1: new low-speed USB device number 23 using dummy_hcd [ 424.069837][ T5402] usb 7-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 424.077912][ T5402] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 424.089461][ T5402] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 424.094076][ T5402] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 424.111887][ T5402] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.132909][ T5402] hub 7-1:1.0: bad descriptor, ignoring hub [ 424.135252][ T5402] hub 7-1:1.0: probe with driver hub failed with error -5 [ 424.155201][ T5402] cdc_wdm 7-1:1.0: skipping garbage [ 424.156884][ T5402] cdc_wdm 7-1:1.0: skipping garbage [ 424.158364][ T5402] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 424.828012][T12890] input: syz0 as /devices/virtual/input/input18 [ 425.246317][ C0] usb 5-1: yurex_control_callback - control failed: -2 [ 425.276840][T12617] usb 5-1: USB disconnect, device number 27 [ 425.309956][T12617] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 425.530933][T12896] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2068'. [ 425.897674][T12617] usb 7-1: USB disconnect, device number 23 [ 425.977507][ T39] kauditd_printk_skb: 26 callbacks suppressed [ 425.977518][ T39] audit: type=1326 audit(1728127095.773:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12897 comm="syz.0.2069" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x0 [ 426.128380][T12907] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2072'. [ 426.789473][T12916] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.2075'. [ 427.416420][ T1446] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 427.582921][ T1446] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 427.586614][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.589712][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.593637][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.602193][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.605314][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.609177][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.620525][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.623637][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.636401][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.645282][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.648732][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.652496][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.656385][ T5402] usb 7-1: new low-speed USB device number 24 using dummy_hcd [ 427.677648][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.680906][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.684986][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.697771][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.700913][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.704687][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.717608][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.720782][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.724179][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.736836][ T1446] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 427.740192][ T1446] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 427.743917][ T1446] usb 6-1: config 0 interface 0 has no altsetting 0 [ 427.748949][ T1446] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 427.752417][ T1446] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 427.755384][ T1446] usb 6-1: Product: syz [ 427.757009][ T1446] usb 6-1: Manufacturer: syz [ 427.758685][ T1446] usb 6-1: SerialNumber: syz [ 427.762400][ T1446] usb 6-1: config 0 descriptor?? [ 427.779174][ T1446] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0 [ 427.830234][ T5402] usb 7-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 427.837011][ T5402] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 427.839527][ T5402] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 427.843327][ T5402] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 427.846034][ T5402] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.852268][ T5402] hub 7-1:1.0: bad descriptor, ignoring hub [ 427.855433][ T5402] hub 7-1:1.0: probe with driver hub failed with error -5 [ 427.862648][ T5402] cdc_wdm 7-1:1.0: skipping garbage [ 427.866824][ T5402] cdc_wdm 7-1:1.0: skipping garbage [ 427.870206][ T5402] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22 [ 428.103464][T12938] FAULT_INJECTION: forcing a failure. [ 428.103464][T12938] name failslab, interval 1, probability 0, space 0, times 0 [ 428.107158][T12938] CPU: 0 UID: 0 PID: 12938 Comm: syz.3.2083 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 428.109975][T12938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 428.112731][T12938] Call Trace: [ 428.113625][T12938] [ 428.114404][T12938] dump_stack_lvl+0x16c/0x1f0 [ 428.115655][T12938] should_fail_ex+0x497/0x5b0 [ 428.116942][T12938] should_failslab+0xc2/0x120 [ 428.118188][T12938] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 428.119592][T12938] ? skb_clone+0x190/0x3f0 [ 428.120777][T12938] skb_clone+0x190/0x3f0 [ 428.121903][T12938] netlink_deliver_tap+0xb26/0xcf0 [ 428.123254][T12938] netlink_unicast+0x5e1/0x7f0 [ 428.124523][T12938] ? __pfx_netlink_unicast+0x10/0x10 [ 428.125908][T12938] ? __phys_addr_symbol+0x30/0x80 [ 428.127240][T12938] ? __check_object_size+0x488/0x710 [ 428.128652][T12938] netlink_sendmsg+0x8b8/0xd70 [ 428.129915][T12938] ? __pfx_netlink_sendmsg+0x10/0x10 [ 428.131300][T12938] ? lock_acquire+0x2f/0xb0 [ 428.132513][T12938] ____sys_sendmsg+0x9ae/0xb40 [ 428.133771][T12938] ? __pfx_____sys_sendmsg+0x10/0x10 [ 428.135148][T12938] ? get_compat_msghdr+0x11b/0x170 [ 428.136583][T12938] ? __pfx___lock_acquire+0x10/0x10 [ 428.138000][T12938] ___sys_sendmsg+0x135/0x1e0 [ 428.139234][T12938] ? __pfx____sys_sendmsg+0x10/0x10 [ 428.140904][T12938] ? lock_acquire+0x2f/0xb0 [ 428.142114][T12938] ? __fget_files+0x40/0x3f0 [ 428.143345][T12938] ? fdget+0x176/0x210 [ 428.144428][T12938] __sys_sendmsg+0x117/0x1f0 [ 428.145651][T12938] ? __pfx___sys_sendmsg+0x10/0x10 [ 428.147040][T12938] ? __fget_files+0x244/0x3f0 [ 428.148313][T12938] __do_fast_syscall_32+0x73/0x120 [ 428.149663][T12938] do_fast_syscall_32+0x32/0x80 [ 428.150940][T12938] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 428.152611][T12938] RIP: 0023:0xf748e579 [ 428.153688][T12938] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 428.158744][T12938] RSP: 002b:00000000f577656c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 428.160930][T12938] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000340 [ 428.163021][T12938] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 428.165552][T12938] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 428.168216][T12938] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 428.170882][T12938] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 428.173580][T12938] [ 428.174733][ C0] vkms_vblank_simulate: vblank timer overrun [ 428.346282][ T5402] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 428.496289][ T5402] usb 5-1: Using ep0 maxpacket: 8 [ 428.499747][ T5402] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 428.502165][ T5402] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 428.504762][ T5402] usb 5-1: config 0 has no interface number 0 [ 428.506786][ T5402] usb 5-1: config 0 interface 255 has no altsetting 0 [ 428.510498][ T5402] usb 5-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 428.512935][ T5402] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.515159][ T5402] usb 5-1: Product: syz [ 428.516665][ T5402] usb 5-1: Manufacturer: syz [ 428.517906][ T5402] usb 5-1: SerialNumber: syz [ 428.520528][ T5402] usb 5-1: config 0 descriptor?? [ 428.525377][ T5402] streamzap 5-1:0.255: streamzap_probe: Unexpected desc.bNumEndpoints (0) [ 428.751658][T12933] tipc: Failed to remove unknown binding: 66,1,1/0:2927170003/2927170005 [ 428.754882][T12933] tipc: Failed to remove unknown binding: 66,1,1/0:2927170003/2927170005 [ 428.770208][ T5402] usb 5-1: USB disconnect, device number 28 [ 428.982595][T12957] block nbd3: shutting down sockets [ 429.716723][ T39] audit: type=1326 audit(1728127099.513:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.723191][ T39] audit: type=1326 audit(1728127099.513:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.723512][T12963] FAULT_INJECTION: forcing a failure. [ 429.723512][T12963] name failslab, interval 1, probability 0, space 0, times 0 [ 429.730554][ T39] audit: type=1326 audit(1728127099.513:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.739094][ T39] audit: type=1326 audit(1728127099.513:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.746673][ T39] audit: type=1326 audit(1728127099.513:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.753915][ T39] audit: type=1326 audit(1728127099.513:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.756235][T12963] CPU: 3 UID: 0 PID: 12963 Comm: syz.0.2091 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 429.762013][ T39] audit: type=1326 audit(1728127099.513:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.763962][T12963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 429.763972][T12963] Call Trace: [ 429.772812][ T39] audit: type=1326 audit(1728127099.513:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.774941][T12963] [ 429.774948][T12963] dump_stack_lvl+0x16c/0x1f0 [ 429.775971][ T39] audit: type=1326 audit(1728127099.513:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12962 comm="syz.0.2091" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f85579 code=0x7ffc0000 [ 429.781349][T12963] should_fail_ex+0x497/0x5b0 [ 429.781368][T12963] ? fs_reclaim_acquire+0xae/0x160 [ 429.781383][T12963] should_failslab+0xc2/0x120 [ 429.781398][T12963] kmem_cache_alloc_noprof+0x6e/0x2f0 [ 429.781412][T12963] ? security_inode_alloc+0x34/0x2b0 [ 429.781427][T12963] security_inode_alloc+0x34/0x2b0 [ 429.797083][T12963] inode_init_always+0xc5b/0xf90 [ 429.798392][T12963] alloc_inode+0x7d/0x230 [ 429.799523][T12963] path_from_stashed+0x55f/0xec0 [ 429.800832][T12963] ? __pfx_path_from_stashed+0x10/0x10 [ 429.802277][T12963] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 429.803660][T12963] ? lock_acquire+0x2f/0xb0 [ 429.804862][T12963] pidfs_alloc_file+0xff/0x1f0 [ 429.806107][T12963] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 429.807500][T12963] pidfd_prepare+0xa8/0x150 [ 429.808688][T12963] __ia32_sys_pidfd_open+0x106/0x1a0 [ 429.810086][T12963] ? __pfx___ia32_sys_pidfd_open+0x10/0x10 [ 429.811600][T12963] ? __secure_computing+0x273/0x3f0 [ 429.813181][T12963] __do_fast_syscall_32+0x73/0x120 [ 429.814739][T12963] do_fast_syscall_32+0x32/0x80 [ 429.816050][T12963] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 429.817749][T12963] RIP: 0023:0xf7f85579 [ 429.818847][T12963] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 429.824431][T12963] RSP: 002b:00000000f570653c EFLAGS: 00000296 ORIG_RAX: 00000000000001b2 [ 429.826762][T12963] RAX: ffffffffffffffda RBX: 0000000000000691 RCX: 0000000000000000 [ 429.828840][T12963] RDX: 00000000f725d2f4 RSI: 00000000f7413260 RDI: 00000000f712a1a6 [ 429.830888][T12963] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 429.833732][T12963] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 429.835783][T12963] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.837855][T12963] [ 430.047360][ C2] usb 6-1: yurex_control_callback - control failed: -2 [ 430.051318][ T5402] usb 6-1: USB disconnect, device number 33 [ 430.053833][ T5402] yurex 6-1:0.0: USB YUREX #0 now disconnected [ 430.666331][T12984] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 430.668669][T12984] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 430.688422][T12984] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 430.707050][T12984] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 430.823724][ T5377] usb 7-1: USB disconnect, device number 24 [ 431.238955][T13004] dccp_close: ABORT with 32 bytes unread [ 431.366556][ T30] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 431.478341][T13018] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2109'. [ 431.536789][ T30] usb 7-1: too many configurations: 9, using maximum allowed: 8 [ 431.540230][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.543463][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.549625][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.559754][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.562675][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.566142][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.578321][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.581633][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.585534][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.589482][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.591995][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.595537][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.599220][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.602518][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.606657][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.609669][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.613073][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.616092][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.616261][ T5377] usb 8-1: new low-speed USB device number 26 using dummy_hcd [ 431.618803][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.623651][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.627024][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.629588][ T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 431.632061][ T30] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 431.636008][ T30] usb 7-1: config 0 interface 0 has no altsetting 0 [ 431.640712][ T30] usb 7-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 431.644176][ T30] usb 7-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 431.647655][ T30] usb 7-1: Product: syz [ 431.649390][ T30] usb 7-1: Manufacturer: syz [ 431.651314][ T30] usb 7-1: SerialNumber: syz [ 431.662918][ T30] usb 7-1: config 0 descriptor?? [ 431.671802][ T30] yurex 7-1:0.0: USB YUREX device now attached to Yurex #0 [ 431.788566][ T5377] usb 8-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 431.791400][ T5377] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 431.806890][ T5377] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 431.810340][ T5377] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 431.812709][ T5377] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.819739][ T5377] hub 8-1:1.0: bad descriptor, ignoring hub [ 431.821541][ T5377] hub 8-1:1.0: probe with driver hub failed with error -5 [ 431.824101][ T5377] cdc_wdm 8-1:1.0: skipping garbage [ 431.825618][ T5377] cdc_wdm 8-1:1.0: skipping garbage [ 431.829327][ T5377] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 431.873023][ T30] usb 7-1: USB disconnect, device number 25 [ 431.883726][ T30] yurex 7-1:0.0: USB YUREX #0 now disconnected [ 432.459637][ C3] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 432.487879][ C3] ------------[ cut here ]------------ [ 432.490169][ C3] WARNING: CPU: 3 PID: 13022 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.493774][ C3] Modules linked in: [ 432.495263][ C3] CPU: 3 UID: 0 PID: 13022 Comm: syz.2.2111 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 432.500552][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 432.504047][ C3] RIP: 0010:__mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.506427][ C3] Code: 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 0d 00 00 c6 43 7f 00 e9 22 f0 ff ff 48 8b ac 24 a0 00 00 00 e8 9a 22 99 f6 90 <0f> 0b 90 e9 49 f3 ff ff e8 8c 22 99 f6 90 0f 0b 90 e9 df f0 ff ff [ 432.512786][ C3] RSP: 0018:ffffc900005f0408 EFLAGS: 00010246 [ 432.514810][ C3] RAX: 0000000000000000 RBX: 00000000000081e5 RCX: ffffffff8af377c2 [ 432.517521][ C3] RDX: ffff88802120a440 RSI: ffffffff8af38526 RDI: 0000000000000004 [ 432.520172][ C3] RBP: ffffc900005f0528 R08: 0000000000000004 R09: 00000000000081e5 [ 432.522785][ C3] R10: 00000000000055f0 R11: 0000000000000000 R12: ffff8880606b2668 [ 432.525163][ C3] R13: 0000000000000000 R14: ffff8880606b2580 R15: dffffc0000000000 [ 432.527242][ C3] FS: 0000000000000000(0000) GS:ffff88802b700000(0063) knlGS:00000000f56b6b40 [ 432.529526][ C3] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 432.531245][ C3] CR2: ffffffffdfa50000 CR3: 000000006d06c000 CR4: 0000000000352ef0 [ 432.533304][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 432.535345][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 432.537485][ C3] Call Trace: [ 432.538729][ C3] [ 432.539481][ C3] ? __warn+0xea/0x3d0 [ 432.540553][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.542209][ C3] ? report_bug+0x3c0/0x580 [ 432.543401][ C3] ? handle_bug+0x54/0xa0 [ 432.544550][ C3] ? exc_invalid_op+0x17/0x50 [ 432.545784][ C3] ? asm_exc_invalid_op+0x1a/0x20 [ 432.547160][ C3] ? __mptcp_move_skbs_from_subflow+0x8c2/0x24d0 [ 432.548813][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 432.550486][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.552172][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 432.553847][ C3] mptcp_data_ready+0x30e/0x8e0 [ 432.555125][ C3] ? __pfx_mptcp_data_ready+0x10/0x10 [ 432.556588][ C3] subflow_data_ready+0x51d/0x7d0 [ 432.557901][ C3] ? __pfx_subflow_data_ready+0x10/0x10 [ 432.559329][ C3] ? __pfx_tcp_grow_window+0x10/0x10 [ 432.560725][ C3] tcp_data_ready+0x146/0x5b0 [ 432.561944][ C3] ? tcp_event_data_recv+0xb6e/0x1410 [ 432.563358][ C3] ? __pfx_tcp_data_ready+0x10/0x10 [ 432.564718][ C3] tcp_data_queue+0x1a6f/0x5280 [ 432.566000][ C3] ? tcp_urg+0x110/0xb80 [ 432.567164][ C3] ? __pfx_tcp_data_queue+0x10/0x10 [ 432.568518][ C3] ? tcp_send_dupack+0x770/0x810 [ 432.569795][ C3] ? ktime_get+0xfb/0x1a0 [ 432.570918][ C3] tcp_rcv_established+0x8b1/0x21c0 [ 432.572266][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 432.573704][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 432.575141][ C3] ? do_raw_spin_lock+0x12d/0x2c0 [ 432.576517][ C3] ? __pfx_ipv4_dst_check+0x10/0x10 [ 432.577868][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 432.579071][ C3] tcp_v4_rcv+0x33bc/0x43b0 [ 432.580256][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 432.581513][ C3] ? __pfx_raw_local_deliver+0x10/0x10 [ 432.582925][ C3] ? rcu_is_watching+0x12/0xc0 [ 432.584179][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 432.585438][ C3] ip_protocol_deliver_rcu+0xba/0x4c0 [ 432.586875][ C3] ip_local_deliver_finish+0x316/0x570 [ 432.588755][ C3] ip_local_deliver+0x18e/0x1f0 [ 432.590034][ C3] ? __pfx_ip_local_deliver+0x10/0x10 [ 432.591425][ C3] ip_rcv+0x2c3/0x5d0 [ 432.592478][ C3] ? __pfx_ip_rcv+0x10/0x10 [ 432.593693][ C3] __netif_receive_skb_one_core+0x199/0x1e0 [ 432.595219][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 432.596958][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 432.598302][ C3] ? process_backlog+0x3f1/0x15f0 [ 432.599612][ C3] ? process_backlog+0x3f1/0x15f0 [ 432.600927][ C3] __netif_receive_skb+0x1d/0x160 [ 432.602234][ C3] process_backlog+0x443/0x15f0 [ 432.603491][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 432.604871][ C3] net_rx_action+0xa92/0x1010 [ 432.606092][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 432.607464][ C3] ? __pfx_mark_lock+0x10/0x10 [ 432.608716][ C3] ? kvm_sched_clock_read+0x11/0x20 [ 432.610055][ C3] ? sched_clock+0x38/0x60 [ 432.611209][ C3] ? sched_clock_cpu+0x6d/0x4d0 [ 432.612477][ C3] ? mark_held_locks+0x9f/0xe0 [ 432.613716][ C3] handle_softirqs+0x213/0x8f0 [ 432.614957][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 432.616394][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 432.617711][ C3] do_softirq+0xb2/0xf0 [ 432.618795][ C3] [ 432.619566][ C3] [ 432.620342][ C3] __local_bh_enable_ip+0x100/0x120 [ 432.621673][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 432.622993][ C3] __dev_queue_xmit+0x887/0x4350 [ 432.624275][ C3] ? hlock_class+0x4e/0x130 [ 432.625457][ C3] ? __lock_acquire+0x163e/0x3ce0 [ 432.626836][ C3] ? __pfx___dev_queue_xmit+0x10/0x10 [ 432.628230][ C3] ? hlock_class+0x4e/0x130 [ 432.629415][ C3] ? mark_lock+0xb5/0xc60 [ 432.630545][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 432.631896][ C3] ? __pfx_mark_lock+0x10/0x10 [ 432.633147][ C3] ? find_held_lock+0x2d/0x110 [ 432.634390][ C3] ? __ip_finish_output+0x49e/0x950 [ 432.635750][ C3] ? __pfx_lock_release+0x10/0x10 [ 432.637107][ C3] ? mark_held_locks+0x9f/0xe0 [ 432.638364][ C3] ip_finish_output2+0x16d5/0x2530 [ 432.640435][ C3] ? __pfx_ip_finish_output2+0x10/0x10 [ 432.641861][ C3] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 432.643112][ C3] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 432.644470][ C3] __ip_finish_output+0x49e/0x950 [ 432.645769][ C3] ip_finish_output+0x31/0x310 [ 432.647072][ C3] ip_output+0x13b/0x2a0 [ 432.648213][ C3] ? __pfx_ip_output+0x10/0x10 [ 432.649502][ C3] ip_local_out+0x33e/0x4a0 [ 432.650691][ C3] __ip_queue_xmit+0x747/0x1940 [ 432.651959][ C3] ? __pfx_ip_queue_xmit+0x10/0x10 [ 432.653297][ C3] __tcp_transmit_skb+0x2a3a/0x3da0 [ 432.654652][ C3] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 432.656102][ C3] ? kasan_quarantine_put+0x10a/0x240 [ 432.657565][ C3] tcp_write_xmit+0x7d13/0x8b80 [ 432.658841][ C3] __tcp_push_pending_frames+0xaf/0x390 [ 432.660295][ C3] tcp_rcv_established+0x93a/0x21c0 [ 432.661636][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 432.663064][ C3] ? __pfx_lock_release+0x10/0x10 [ 432.664374][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 432.665569][ C3] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 432.666934][ C3] __release_sock+0x31b/0x400 [ 432.668166][ C3] ? release_sock+0x21/0x220 [ 432.669374][ C3] release_sock+0x5a/0x220 [ 432.670525][ C3] __mptcp_push_pending+0x400/0x560 [ 432.671869][ C3] ? __pfx___mptcp_push_pending+0x10/0x10 [ 432.673337][ C3] ? __virt_addr_valid+0x5e/0x590 [ 432.674634][ C3] ? const_folio_flags.constprop.0+0x56/0x150 [ 432.676264][ C3] ? __phys_addr_symbol+0x30/0x80 [ 432.677563][ C3] ? __check_object_size+0x488/0x710 [ 432.678939][ C3] mptcp_sendmsg+0xce5/0x1f20 [ 432.680170][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 432.681492][ C3] ? __pfx_aa_sk_perm+0x10/0x10 [ 432.682750][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 432.684078][ C3] inet_sendmsg+0x119/0x140 [ 432.685253][ C3] __sys_sendto+0x426/0x4d0 [ 432.686470][ C3] ? __pfx___sys_sendto+0x10/0x10 [ 432.687768][ C3] ? __sys_connect+0xea/0x180 [ 432.688994][ C3] ? xfd_validate_state+0x5d/0x180 [ 432.690314][ C3] ? rcu_is_watching+0x12/0xc0 [ 432.692144][ C3] __ia32_sys_sendto+0xdd/0x1b0 [ 432.693409][ C3] ? lockdep_hardirqs_on+0x7c/0x110 [ 432.694742][ C3] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 432.696493][ C3] __do_fast_syscall_32+0x73/0x120 [ 432.697813][ C3] do_fast_syscall_32+0x32/0x80 [ 432.699074][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 432.700717][ C3] RIP: 0023:0xf73ce579 [ 432.701776][ C3] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 432.706709][ C3] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 432.708862][ C3] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000040 [ 432.710891][ C3] RDX: 00000000ffffff4c RSI: 0000000000000000 RDI: 0000000000000000 [ 432.712921][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 432.714934][ C3] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.717019][ C3] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 432.719054][ C3] [ 432.719870][ C3] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 432.721736][ C3] CPU: 3 UID: 0 PID: 13022 Comm: syz.2.2111 Not tainted 6.12.0-rc1-syzkaller-00306-g27cc6fdf7201 #0 [ 432.724481][ C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 432.727219][ C3] Call Trace: [ 432.728165][ C3] [ 432.728960][ C3] dump_stack_lvl+0x3d/0x1f0 [ 432.730196][ C3] panic+0x71d/0x800 [ 432.731241][ C3] ? __pfx_panic+0x10/0x10 [ 432.732427][ C3] ? show_trace_log_lvl+0x29d/0x3d0 [ 432.733782][ C3] ? check_panic_on_warn+0x1f/0xb0 [ 432.735114][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.736790][ C3] check_panic_on_warn+0xab/0xb0 [ 432.738114][ C3] __warn+0xf6/0x3d0 [ 432.739186][ C3] ? __mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.740897][ C3] report_bug+0x3c0/0x580 [ 432.742035][ C3] handle_bug+0x54/0xa0 [ 432.743122][ C3] exc_invalid_op+0x17/0x50 [ 432.744951][ C3] asm_exc_invalid_op+0x1a/0x20 [ 432.746208][ C3] RIP: 0010:__mptcp_move_skbs_from_subflow+0x1627/0x24d0 [ 432.747998][ C3] Code: 02 48 89 ea 83 e2 07 38 d0 7f 08 84 c0 0f 85 86 0d 00 00 c6 43 7f 00 e9 22 f0 ff ff 48 8b ac 24 a0 00 00 00 e8 9a 22 99 f6 90 <0f> 0b 90 e9 49 f3 ff ff e8 8c 22 99 f6 90 0f 0b 90 e9 df f0 ff ff [ 432.752941][ C3] RSP: 0018:ffffc900005f0408 EFLAGS: 00010246 [ 432.754512][ C3] RAX: 0000000000000000 RBX: 00000000000081e5 RCX: ffffffff8af377c2 [ 432.756547][ C3] RDX: ffff88802120a440 RSI: ffffffff8af38526 RDI: 0000000000000004 [ 432.758564][ C3] RBP: ffffc900005f0528 R08: 0000000000000004 R09: 00000000000081e5 [ 432.760597][ C3] R10: 00000000000055f0 R11: 0000000000000000 R12: ffff8880606b2668 [ 432.762627][ C3] R13: 0000000000000000 R14: ffff8880606b2580 R15: dffffc0000000000 [ 432.764684][ C3] ? __mptcp_move_skbs_from_subflow+0x8c2/0x24d0 [ 432.766318][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 432.767973][ C3] ? __mptcp_move_skbs_from_subflow+0x1626/0x24d0 [ 432.769627][ C3] mptcp_data_ready+0x30e/0x8e0 [ 432.770869][ C3] ? __pfx_mptcp_data_ready+0x10/0x10 [ 432.772262][ C3] subflow_data_ready+0x51d/0x7d0 [ 432.773566][ C3] ? __pfx_subflow_data_ready+0x10/0x10 [ 432.774990][ C3] ? __pfx_tcp_grow_window+0x10/0x10 [ 432.776369][ C3] tcp_data_ready+0x146/0x5b0 [ 432.777590][ C3] ? tcp_event_data_recv+0xb6e/0x1410 [ 432.778988][ C3] ? __pfx_tcp_data_ready+0x10/0x10 [ 432.780342][ C3] tcp_data_queue+0x1a6f/0x5280 [ 432.781606][ C3] ? tcp_urg+0x110/0xb80 [ 432.782708][ C3] ? __pfx_tcp_data_queue+0x10/0x10 [ 432.784049][ C3] ? tcp_send_dupack+0x770/0x810 [ 432.785340][ C3] ? ktime_get+0xfb/0x1a0 [ 432.786461][ C3] tcp_rcv_established+0x8b1/0x21c0 [ 432.787803][ C3] ? __pfx_lock_acquire.part.0+0x10/0x10 [ 432.789254][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 432.790697][ C3] ? do_raw_spin_lock+0x12d/0x2c0 [ 432.791997][ C3] ? __pfx_ipv4_dst_check+0x10/0x10 [ 432.793345][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 432.794541][ C3] tcp_v4_rcv+0x33bc/0x43b0 [ 432.795719][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 432.796990][ C3] ? __pfx_raw_local_deliver+0x10/0x10 [ 432.799078][ C3] ? rcu_is_watching+0x12/0xc0 [ 432.800318][ C3] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 432.801570][ C3] ip_protocol_deliver_rcu+0xba/0x4c0 [ 432.802958][ C3] ip_local_deliver_finish+0x316/0x570 [ 432.804371][ C3] ip_local_deliver+0x18e/0x1f0 [ 432.805624][ C3] ? __pfx_ip_local_deliver+0x10/0x10 [ 432.807000][ C3] ip_rcv+0x2c3/0x5d0 [ 432.808041][ C3] ? __pfx_ip_rcv+0x10/0x10 [ 432.809227][ C3] __netif_receive_skb_one_core+0x199/0x1e0 [ 432.810744][ C3] ? __pfx___netif_receive_skb_one_core+0x10/0x10 [ 432.812440][ C3] ? trace_lock_acquire+0x14a/0x1d0 [ 432.813775][ C3] ? process_backlog+0x3f1/0x15f0 [ 432.815072][ C3] ? process_backlog+0x3f1/0x15f0 [ 432.816380][ C3] __netif_receive_skb+0x1d/0x160 [ 432.817662][ C3] process_backlog+0x443/0x15f0 [ 432.818924][ C3] __napi_poll.constprop.0+0xb7/0x550 [ 432.820316][ C3] net_rx_action+0xa92/0x1010 [ 432.821532][ C3] ? __pfx_net_rx_action+0x10/0x10 [ 432.822845][ C3] ? __pfx_mark_lock+0x10/0x10 [ 432.824087][ C3] ? kvm_sched_clock_read+0x11/0x20 [ 432.825415][ C3] ? sched_clock+0x38/0x60 [ 432.826568][ C3] ? sched_clock_cpu+0x6d/0x4d0 [ 432.827835][ C3] ? mark_held_locks+0x9f/0xe0 [ 432.829092][ C3] handle_softirqs+0x213/0x8f0 [ 432.830333][ C3] ? __pfx_handle_softirqs+0x10/0x10 [ 432.831689][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 432.833013][ C3] do_softirq+0xb2/0xf0 [ 432.834076][ C3] [ 432.834838][ C3] [ 432.835603][ C3] __local_bh_enable_ip+0x100/0x120 [ 432.836960][ C3] ? __dev_queue_xmit+0x872/0x4350 [ 432.838282][ C3] __dev_queue_xmit+0x887/0x4350 [ 432.839554][ C3] ? hlock_class+0x4e/0x130 [ 432.840736][ C3] ? __lock_acquire+0x163e/0x3ce0 [ 432.842041][ C3] ? __pfx___dev_queue_xmit+0x10/0x10 [ 432.843427][ C3] ? hlock_class+0x4e/0x130 [ 432.844612][ C3] ? mark_lock+0xb5/0xc60 [ 432.845741][ C3] ? __pfx___lock_acquire+0x10/0x10 [ 432.847078][ C3] ? __pfx_mark_lock+0x10/0x10 [ 432.848329][ C3] ? find_held_lock+0x2d/0x110 [ 432.849570][ C3] ? __ip_finish_output+0x49e/0x950 [ 432.850915][ C3] ? __pfx_lock_release+0x10/0x10 [ 432.852220][ C3] ? mark_held_locks+0x9f/0xe0 [ 432.853460][ C3] ip_finish_output2+0x16d5/0x2530 [ 432.855453][ C3] ? __pfx_ip_finish_output2+0x10/0x10 [ 432.856864][ C3] ? ip_skb_dst_mtu+0x3fc/0xc70 [ 432.858126][ C3] ? __pfx_ip_skb_dst_mtu+0x10/0x10 [ 432.859474][ C3] __ip_finish_output+0x49e/0x950 [ 432.860785][ C3] ip_finish_output+0x31/0x310 [ 432.862029][ C3] ip_output+0x13b/0x2a0 [ 432.863138][ C3] ? __pfx_ip_output+0x10/0x10 [ 432.864396][ C3] ip_local_out+0x33e/0x4a0 [ 432.865581][ C3] __ip_queue_xmit+0x747/0x1940 [ 432.866840][ C3] ? __pfx_ip_queue_xmit+0x10/0x10 [ 432.868174][ C3] __tcp_transmit_skb+0x2a3a/0x3da0 [ 432.869518][ C3] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 432.870939][ C3] ? kasan_quarantine_put+0x10a/0x240 [ 432.872367][ C3] tcp_write_xmit+0x7d13/0x8b80 [ 432.873636][ C3] __tcp_push_pending_frames+0xaf/0x390 [ 432.875074][ C3] tcp_rcv_established+0x93a/0x21c0 [ 432.876436][ C3] ? __pfx_tcp_rcv_established+0x10/0x10 [ 432.877871][ C3] ? __pfx_lock_release+0x10/0x10 [ 432.879177][ C3] tcp_v4_do_rcv+0x5ca/0xa90 [ 432.880379][ C3] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 432.881700][ C3] __release_sock+0x31b/0x400 [ 432.882933][ C3] ? release_sock+0x21/0x220 [ 432.884115][ C3] release_sock+0x5a/0x220 [ 432.885279][ C3] __mptcp_push_pending+0x400/0x560 [ 432.886623][ C3] ? __pfx___mptcp_push_pending+0x10/0x10 [ 432.888111][ C3] ? __virt_addr_valid+0x5e/0x590 [ 432.889418][ C3] ? const_folio_flags.constprop.0+0x56/0x150 [ 432.890998][ C3] ? __phys_addr_symbol+0x30/0x80 [ 432.892311][ C3] ? __check_object_size+0x488/0x710 [ 432.893681][ C3] mptcp_sendmsg+0xce5/0x1f20 [ 432.894912][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 432.896255][ C3] ? __pfx_aa_sk_perm+0x10/0x10 [ 432.897498][ C3] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 432.898821][ C3] inet_sendmsg+0x119/0x140 [ 432.900007][ C3] __sys_sendto+0x426/0x4d0 [ 432.901198][ C3] ? __pfx___sys_sendto+0x10/0x10 [ 432.902492][ C3] ? __sys_connect+0xea/0x180 [ 432.903727][ C3] ? xfd_validate_state+0x5d/0x180 [ 432.905055][ C3] ? rcu_is_watching+0x12/0xc0 [ 432.906296][ C3] __ia32_sys_sendto+0xdd/0x1b0 [ 432.907554][ C3] ? lockdep_hardirqs_on+0x7c/0x110 [ 432.908902][ C3] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 432.911304][ C3] __do_fast_syscall_32+0x73/0x120 [ 432.912717][ C3] do_fast_syscall_32+0x32/0x80 [ 432.913978][ C3] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 432.915613][ C3] RIP: 0023:0xf73ce579 [ 432.916688][ C3] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 432.921591][ C3] RSP: 002b:00000000f56b656c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 432.923717][ C3] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000040 [ 432.925754][ C3] RDX: 00000000ffffff4c RSI: 0000000000000000 RDI: 0000000000000000 [ 432.927787][ C3] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 432.929842][ C3] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.931866][ C3] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 432.933897][ C3] [ 432.935359][ C3] Kernel Offset: disabled [ 432.936673][ C3] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:18:22 Registers: info registers vcpu 0 CPU#0 RAX=fffffbfff2d31588 RBX=fffffbfff2d31589 RCX=ffffffff8169e8ab RDX=0000000000000001 RSI=0000000000000008 RDI=ffffffff9698ac40 RBP=fffffbfff2d31588 RSP=ffffc90001f3f718 R8 =0000000000000000 R9 =fffffbfff2d31588 R10=ffffffff9698ac47 R11=0000000000000002 R12=dffffc0000000000 R13=0000000000000001 R14=0000000000000004 R15=ffff8880207b0000 RIP=ffffffff81edea4b RFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b400000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffdfa50000 CR3=000000005895e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000000 RBX=0000000000000000 RCX=8f5c28f5c28f5c29 RDX=0000000000000001 RSI=ffff8880297e0ae0 RDI=ffff8880297e0b04 RBP=0000000000000001 RSP=ffffc90021197790 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=ffff8880297e0ae0 R14=00000000000001bf R15=ffff8880297e0000 RIP=ffffffff8169e54c RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0003 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b500000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=ffffffffdfa50000 CR3=000000005fade000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000c400000000 0000000100000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=dffffc0000000000 RBX=ffff888025ec8850 RCX=ffff88802b63f9c0 RDX=1ffff11004bd910a RSI=ffff888024c34910 RDI=ffff888024c34910 RBP=ffff888024c34900 RSP=ffffc90000487b40 R8 =0000000000000000 R9 =ffffed1004241488 R10=ffff88802120a447 R11=0000000000000001 R12=ffff888025ec8978 R13=ffff888025ec8800 R14=ffff88802b63ee80 R15=ffff888024c34900 RIP=ffffffff815ea5e1 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0000 0000000000000000 ffffffff 00c00000 DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff88802b600000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffdfa50000 CR3=000000002571a000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000008082082 Opmask01=0000000000000000 Opmask02=00000000dfff7fff Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2525252525252525 2525252525252525 2525252525252525 2525252525252525 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 0054454955510029 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 554245440045534f 4252455600524f52 5245004c41544146 005445495551000c ZMM20=0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 0000000000000000 0000000000000004 ZMM21=3f5487173f548717 3f5487173f548717 3f5487173f548717 3f5487173f548717 3f5487173f548717 3f5487173f548717 3f5487173f548717 3f5487173f548717 ZMM22=90c22ec090c22ec0 90c22ec090c22ec0 90c22ec090c22ec0 90c22ec090c22ec0 90c22ec090c22ec0 90c22ec090c22ec0 90c22ec090c22ec0 90c22ec090c22ec0 ZMM23=5b806cba5b806cba 5b806cba5b806cba 5b806cba5b806cba 5b806cba5b806cba 5b806cba5b806cba 5b806cba5b806cba 5b806cba5b806cba 5b806cba5b806cba ZMM24=07488c9d07488c9d 07488c9d07488c9d 07488c9d07488c9d 07488c9d07488c9d 07488c9d07488c9d 07488c9d07488c9d 07488c9d07488c9d 07488c9d07488c9d ZMM25=f3df0675f3df0675 f3df0675f3df0675 f3df0675f3df0675 f3df0675f3df0675 f3df0675f3df0675 f3df0675f3df0675 f3df0675f3df0675 f3df0675f3df0675 ZMM26=b77218a0b77218a0 b77218a0b77218a0 b77218a0b77218a0 b77218a0b77218a0 b77218a0b77218a0 b77218a0b77218a0 b77218a0b77218a0 b77218a0b77218a0 ZMM27=cdd54f67cdd54f67 cdd54f67cdd54f67 cdd54f67cdd54f67 cdd54f67cdd54f67 cdd54f67cdd54f67 cdd54f67cdd54f67 cdd54f67cdd54f67 cdd54f67cdd54f67 ZMM28=000000200000001f 0000001e0000001d 0000001c0000001b 0000001a00000019 0000001800000017 0000001600000015 0000001400000013 0000001200000011 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=a50f0000a50f0000 a50f0000a50f0000 a50f0000a50f0000 a50f0000a50f0000 a50f0000a50f0000 a50f0000a50f0000 a50f0000a50f0000 a50f0000a50f0000 info registers vcpu 3 CPU#3 RAX=000000000000006b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85034e45 RDI=ffffffff9a63a220 RBP=ffffffff9a63a1e0 RSP=ffffc900005efd68 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000 R12=0000000000000000 R13=000000000000006b R14=ffffffff85034de0 R15=0000000000000000 RIP=ffffffff85034e6f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff88802b700000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=ffffffffdfa50000 CR3=000000006d06c000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000002 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001f000000000 0000000400000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000